* Félix Piédallu <fe...@piedallu.me> [2015-06-13 19:42:55 +0200]: > Hi there ! > Just new here. > And I've been informed that "Normally, Mailman will remind you of your > archlinux.org mailing list passwords once every month". > Does it mean the passwords are saved somewhere ?! > That means that my password is sent periodically. That's not the only > account for which I use this password. > That is a HUGE security breach. Please, change that system.
Yes, Mailman stores password in plain-text in the current version. I think this was changed in Mailman 3, but that's rather new and radically different. But it's really something common. The sign up page even says this (in bold!): Do not use a valuable password as it will occasionally be emailed back to you in cleartext. As others pointed out already, using different passwords is a really good idea anyways. Many more pages store passwords in plaintext (they are just less honest about it) unfortunately. Florian -- http://www.the-compiler.org | m...@the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc I love long mails! | http://email.is-not-s.ms/
pgpNJgPSfQ51S.pgp
Description: PGP signature