* Félix Piédallu <[email protected]> [2015-06-13 19:42:55 +0200]: > Hi there ! > Just new here. > And I've been informed that "Normally, Mailman will remind you of your > archlinux.org mailing list passwords once every month". > Does it mean the passwords are saved somewhere ?! > That means that my password is sent periodically. That's not the only > account for which I use this password. > That is a HUGE security breach. Please, change that system.
Yes, Mailman stores password in plain-text in the current version. I
think this was changed in Mailman 3, but that's rather new and
radically different.
But it's really something common. The sign up page even says this (in
bold!):
Do not use a valuable password as it will occasionally be emailed
back to you in cleartext.
As others pointed out already, using different passwords is a really
good idea anyways. Many more pages store passwords in plaintext (they
are just less honest about it) unfortunately.
Florian
--
http://www.the-compiler.org | [email protected] (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
I love long mails! | http://email.is-not-s.ms/
pgpNJgPSfQ51S.pgp
Description: PGP signature
