On 12.04.2014 04:22, Brad Roberts wrote:
On 4/11/14, 6:32 PM, Manu wrote:
Anyway, this is all beside the point, the issue is _I got an email
that TOLD ME MY PASSWORD_. Which
is completely inexcusable, ammateur, and offensive. When will it be
fixed?
In mailman 3 from what I've read, but it's been years in the coming. As
host of the mail/news gateway, I plan on taking no particular actions
here, other than to agree that it's a rather unfortunately bad security
stance. If someone finds a better mail/news gateway and list manager
that solves more problems than it causes and can spend some time testing
it to make sure it's actually better rather than just claims to be, then
I'll consider switching to it.
Could you then change the text that appears at signup and make the
disclaimer about the plain text password more visible?
I seem to remember that it was towards the end of the page, maybe
moving it to the beginning and make it bold would be a good enough
stopgap measure?
