On 11/2/2011 6:15 AM, Jeffrey Walton wrote:
> On Wed, Nov 2, 2011 at 7:40 AM, Larry Stone <lston...@stonejongleux.com> wrote:
>> Jeffrey Walton writes:
>> [Snip]
>> . I was very naive.
>> Mailman works with Mail. SMTP mail is very insecure with headers, etc.
>> easily spoofed (by design - just as I can easily spoof the sender on a piece
>> of paper mail I drop in a mailbox). What good does high security on Mailman
>> do if it's trivial to step around the gate?
>>
> Agreed. I have no expectation that my messages to the list will be
> private, or my email will be private. An attacker gains nothing from
> reading my messages posted to a public mailing list.
>
> But the password database used by Mailman is not a public database.
> Users have a reasonable expectation of security surrounding it. An
> attacker gains a list of {user name, email, password} when the system
> is compromised.
I agree users have a reasonable expectation of security surrounding their password. However, when the user is informed about the level of security being used, the user's reasonable expectation shouldn't exceed what they were told. I have a reasonable expectation of security when I am told I can use a locker to put my equipment in. But when I am told the locker has no locks on it, my reasonable expectation of security for that locker is much, much lower than if it had a lock.

>
>>> Confer: list managers did not fix Mailman 2 (nor did they use other
>>> software which was secure). Why would you expect them to research
>>> and securely configure Mailman 3?
>> List managers have nothing to do with this. Us "list managers" did not write
>> the software. We're just higher level users of Mailman than the reader of a
>> mailing list that uses Mailman. But we're still just users.
> Both are at fault. First are the developers for using an insecure
> system, and second are the folks who use it in production. In this
> case "crowd security" failed - more eyeballs were not better and did
> not lead to improvements.
>
>> If Mailman does not meet your needs due to it failing to meet the security
>> requirements you personally have, don't use it.
> Unrealistic. I have no control over what software a particular mailing
> list uses. It's kind of like saying, "if you don't like the smog, don't
> breathe the air".

It isn't necessarily unrealistic, a bit abrupt maybe. You can also make changes to the source to increase the security requirement. I have had to make some minor modifications to Mailman for it to do what is required where I work. And, as some on this list can probably attest, I am not a Python coder. So, if Mailman doesn't meet your needs, you can use it as is and suffer, make any changes you feel necessary, or not use it.
>
> Jeff

Thanks,
Chris

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org