Hi Adam, On Tue, Nov 1, 2011 at 12:13 PM, Adam McGreggor <adam-mail...@amyl.org.uk> wrote: > On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote: >> Its the first of the month, and I'm receiving my passwords from Mailman >> servers. > > Happy Mailman Day! > > (I disable Mailman-day crontab entries.) :)
>> I don't want my passwords stored in the plain text, and I don't want >> them stored with reversible encryption. > > Install Mailman 3. OK. I'm not the sysadmin, so I can't control the software. I can control my account settings. But I take it there is nothing I can do as a user. > Mark may have a more useful suggestion of what to patch, and there > could well be something in the archives about this. > >> How do I turn off this security hole (feature?). > > The standard listinfo text warns: > > You may enter a privacy password below. This provides only mild > security, but should prevent others from messing with your > subscription. Do not use a valuable password as it will > occasionally be emailed back to you in cleartext. > > You could, perhaps, edit the listinfo blurb, to give that greater > prominence? Well, between plain text passwords and non-authenticated users tampering, its really a no win situation for the user. I wish these list managers would get a f**king clue and do things securely. Jeff ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
