On 04/01/2015 05:05 PM, Mel Walters wrote: > We need a cure, not a band-aid.
We can have it: http://wiki.list.org/DOC/How%20do%20I%20turn%20off%20passwords%20completely%3F Many people are uncomfortable with Mailman 2's monthly password reminders, because the passwords are sent in the clear. When you sign up for a new mailing list, you are notified that this will happen and you are encouraged to use a low-value password, but understandably, some people still do not want such monthly password reminders. In Mailman 3, passwords are both stored in hashed form (i.e. not clear text) and the monthly reminder feature has been removed." Or do we? https://www.gnu.org/software/mailman/jwzrebuttal.html Someone sniffed the mailman reminder and impersonated you on this list. So what? Your bank account is still safe because best security practices say don't reuse passwords. Example of lists I'm subscribed to and send plaintext password reminders: lists.fedoraproject.org centos.org saout.de Those folks may know a few things about security. -- Viorel
signature.asc
Description: OpenPGP digital signature
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
