So let me try to address some of the issues raised here. There's two things: what we can do for Mailman 2.1, and what we can do for Mailman 3.0 (yes, it is still alive ;).
For the most part, passwords are one big PITA all around. I'd love to see mechanisms in MM3 that would eliminate passwords altogether. I don't know if that's possible, but one option might be to drop cookies after completing a web-based confirmation, or possibly pubkey based authentication for email communications. There needs to be /a lot/ of thought into this, including issues of usability vs. security, and what level of security we actually want to assert. For MM2.1, we long ago did a risk assessment on the assets that the password protects and we decided on the current scheme based on the value of those assets, which we deemed to be fairly low. I still think that's true except perhaps for private archives. Understand also that the bundled archiver, called Pipermail, was never intended to be ultimately secure, nor for that matter, highly scalable, robust, etc. Its primary use case was for public mailing lists, and to provide zero effort archiving. So my standard answer if you don't like Pipermail is, use some other archiver. They are easy to integrate with Mailman. I know that a number of large sites are doing this. The question is, outside of private Pipermail archives, do you feel that the user friendly, but not very secure passwords are adequate given the value of the asset they protect? We certainly felt they were when we designed the current system (which includes all the other ways to crack the password, including plaintext password reminders and storage of plaintext passwords in config.pck file). BTW, I believe Python 2.4 has an interface to /dev/urandom, and we could certainly add some optional support for more cryptographically secure password generation for Mailman 2.1. It should not be the default because I don't believe the majority of users would benefit from more secure but less user friendly passwords. -Barry
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
