Provision has been made to allow each postmaster to define a local remote installation password for his server, in addition to the global one. That is, each automatic shipment installation must be validated by a password that is unique to the server and cannot be known to other LISTSERV owners. There are three possible options: - No local installation password. Only the global password is required. This will be the default as the LISTSERV software package is not customized before being sent, and I can't therefore provide unique individual passwords for new sites. - Local installation password which is known only to the local system staff. The shipment will remain held until the password is provided to LISTSERV. The LISTSERV operation staff must periodically issue an INSTALL STAT command to check for new shipments when these are announced, and then issue an INSTALL PASSWORD command to confirm the installation. Note that it is then the responsibility of the local staff to install the shipments in time. This option might be selected by sites which had contemplated disabling automatic updates as it ensures proper installation of the shipment while completely removing security problems and making sure that a human person is present when the shipment is installed. - Local installation password which is given to me. In that case I send an individual 2-records file to each site with the appropriate password to confirm the installation of the shipments I send, with the major bulk of the shipment being sent out via DISTRIBUTE with the common password. This is negligible network load compared to the security benefits. Regards, Eric