On Wed, Apr 2, 2014 at 4:25 PM, Ron <[email protected]> wrote: > That doesn't change the fact that it's storing the passwords in > plaintext, though, it just hides the 'your passwords are completely > insecure' issue a little bit.
Of course. That patch (one liner) is just to prevent the bulk monthly reminders (which often end up in spam filters or in some admins dead.letter box) from containing the actual insecure password which could be used to produce no actual harm. As someone else noted, mailman never claims to securely store your password, and my patch simply keeps a list from defaulting to distributing that plainly stored password. -Jim P. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
