On Tue, Nov 1, 2011 at 9:25 PM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> Jeffrey Walton writes:
>
> > I wish these list managers would get a f**king clue and do things
> > securely.
>
> By which you mean what? What we've learned over the last 30 years is
> that when application developers try to do security, they generally
> miss something. AFAICS Mailman 2 did the right thing for its time:
> provide minimal security against idle mischief and admit that there
> was no security against hell-bent miscreants.

The best I can tell, Mailman 2 did the wrong thing. "Password Security: A Case History", www.cs.bell-labs.com/who/dmr/passwd.ps. Written in 1978.

> Mailman 3 is taking
> advantage of a decade of progress in security and network application
> design, and providing the hooks needed to allow admins to configure
> system security services. (This can be done with Mailman 2 as well,
> but not as smoothly.)

If Mailman 3 only provides hooks - as opposed to securely storing the secret - then Mailman 3 has problems out of the box. In this case, it would be no better than Mailman 2.

Confer: list managers did not fix Mailman 2 (nor did they use other software which was secure). Why would you expect them to research and securely configure Mailman 3?

Jeff