On 4/11/2014 3:37 PM, Brad Roberts wrote:
Yup, mailman sucks. But so do all the other list managers out there.
:) With all the accurate and well placed righteous indignation on this
thread.. surely someone has the drive to actually fix the problem.
I'm actually [indirectly] working on that sort of thing by developing
libs intended to make using proper security best-practices far too
convenient for anyone to NOT use them. The first part of that:
http://forum.dlang.org/thread/[email protected]
Outside testing and source auditing would be appreciated. I admit I'm
currently having a little trouble reconciling @safe with the
auto-zeroing password struct. (Maybe Password could somehow just use
RAII without RefCounting?)
> I'm
reasonably confident that the mailman team would appreciate the manpower
to tackle the problem. :)
Honestly, I'm not so sure about that:
http://www.list.org/jwzrebuttal.html
The mailman devs appear to be thoroughly convinced their auth system is
a good one.
