On Wed, 2004-12-22 at 09:46, Florian Weimer wrote: > * Barry Warsaw: > > > On Wed, 2004-12-22 at 05:40, Florian Weimer wrote: > > > >> where should I submit security bugs? There are two more in my queue > >> (minor ones, admittedly, as no server-side code execution is > >> involved). > > > > As a general rule, you can post security issues to > > [EMAIL PROTECTED], which is a closed distribution list. > > Thanks. > > > I will try to find some time in the next few days to respond to the > > previous password issue. > > As this bug is now publicly documented, I've submitted a patch to the > Debian BTS: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796> > > Unfortunately, this patch is not portable because it relies on the > existence of /dev/urandom.
Can you send me (via mailman-cabal) the patch -- I don't want to have to cut and paste it out of the referenced bug report. If you do this, I will include the change_pw script for Mailman 2.1.6 and make a /dev/urandom based password optional based on an mm_cfg.py variable. I'm not sure exactly how to handle the listinfo text, but I'll think of something. -Barry
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
