Jeffrey Walton writes:
The best I can tell, Mailman 2 did the wrong thing.
Against what threats with what level of security do you have in mind?
Confer: list managers did not fix Mailman 2 (nor did they use other
software which was secure). Why would you expect them to research
and
Jeffrey Walton writes:
The best I can tell, Mailman 2 did the wrong thing.
The best I can tell, your expectations for Mailman's security and the software
authors' expectations are completely different. As has already been explained,
it is a low level of security designed to prevent (maybe I
On Tue, Nov 1, 2011 at 9:25 PM, Stephen J. Turnbull step...@xemacs.org wrote:
Jeffrey Walton writes:
I wish these list managers would get a f**king clue and do things
securely.
By which you mean what? What we've learned over the last 30 years is
that when application developers try to
On Wed, Nov 2, 2011 at 6:00 AM, Stephen J. Turnbull step...@xemacs.org wrote:
Jeffrey Walton writes:
The best I can tell, Mailman 2 did the wrong thing.
Against what threats with what level of security do you have in mind?
I found it interesting you brought a threat model into the
On Wed, Nov 2, 2011 at 7:40 AM, Larry Stone lston...@stonejongleux.com wrote:
Jeffrey Walton writes:
The best I can tell, Mailman 2 did the wrong thing.
The best I can tell, your expectations for Mailman's security and the
software authors' expectations are completely different.
Agreed. I
On 11/2/2011 6:15 AM, Jeffrey Walton wrote:
On Wed, Nov 2, 2011 at 7:40 AM, Larry Stone lston...@stonejongleux.com
wrote:
Jeffrey Walton writes:
[Snip]
. I was very naive.
Mailman works with Mail. SMTP mail is very insecure with headers, etc.
easily spoofed (by design - just as I can
Jeffrey Walton writes:
The best I can tell, the Mailman threat model is naive or unrealistic.
It's neither. It merely corresponds to a very low level of security,
and you are told that when you subscribe.
There are at least three threats which should be modeled.
Should. Why? And why
On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote:
Its the first of the month, and I'm receiving my passwords from Mailman
servers.
Happy Mailman Day!
(I disable Mailman-day crontab entries.)
I don't want my passwords stored in the plain text, and I don't want
them stored with
Hi Adam,
On Tue, Nov 1, 2011 at 12:13 PM, Adam McGreggor
adam-mail...@amyl.org.uk wrote:
On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote:
Its the first of the month, and I'm receiving my passwords from Mailman
servers.
Happy Mailman Day!
(I disable Mailman-day crontab
Jeffrey Walton wrote:
OK. I'm not the sysadmin, so I can't control the software.
I can control my account settings. But I take it there is nothing I
can do as a user.
As a list member, you can turn off password reminders for any list of
which you are a member. As a list admin, you can turn off
Jeffrey Walton writes:
I wish these list managers would get a f**king clue and do things
securely.
By which you mean what? What we've learned over the last 30 years is
that when application developers try to do security, they generally
miss something. AFAICS Mailman 2 did the right thing
11 matches
Mail list logo