On 23/03/15 09:21 PM, Christopher Browne wrote: > Someone (I don't know whom) wasn't thrilled to have their Mailman > password sent to our web site via non-SSL, hence non-encrypted > connection.
That... specifically is a bit of a silly concern. Standard GNU Mailman sign up instructions read: """ You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. **Do not use a valuable password** as it will occasionally be emailed back to you in cleartext. """ (I believe GNU Mailman also *stores* passwords in plain text.) There's no reasonable expectation of security with a GNU Mailman password to begin with. > Which points to it being desirable to have an SSL cert. [...] > Still, SSL seems like a good idea regardless, even if it wouldn't solve any issue with Mailman. --- Talk Mailing List [email protected] http://gtalug.org/mailman/listinfo/talk
