I 2nd this.
I have seen peeps in other groups be very loose with server logins.
Because new people come in to the groups every day, I recommend that a message with the ground rules (like don't post server logins) be sent when new users sign up. Failing that a ground rules email should be sent to all lists weekly.
Quoting Chaz Cheadle <firstname.lastname@example.org>
I think we should stop passing any(more) login credentials via the list.
Please call, or at least contact the users directly.
Since we'll potentially have many people accessing this server we have to be
very careful about what groups/rolls those people are in to minimize risk of
I am in no way suggesting that anyone on the list isn't trustworthy, after
server take-downs, DDoS's and an apparent animus towards our efforts we must
be very careful.
ssh key only access for most accounts would not be a bad idea.