On 4/11/14, 3:01 AM, Andrea Fontana wrote:
On Friday, 11 April 2014 at 07:39:12 UTC, Manu wrote:
as your email address and whether you get digests or not.  As a
reminder, your membership password is

     [My password!!!]    WHAT!!!11!one!

If you have any questions or problems, you can contact the list owner
at

    [email protected]

Funny. Plain text password stored on db. Plain text password sent over SMTP. Plain text password in the wild: http://goo.gl/JykIcu

Yup, mailman sucks. But so do all the other list managers out there. :) With all the accurate and well placed righteous indignation on this thread.. surely someone has the drive to actually fix the problem. I'm reasonably confident that the mailman team would appreciate the manpower to tackle the problem. :)

Personally, I use a unique password for each site with pwsafe as the storage manager. I consider list passwords so low value that I really just don't care that the passwords are fundamentally crappily managed. Sharing passwords between sites, particularly low trust sites, is a major security no-no. Don't do it.
