On 23/03/15 09:21 PM, Christopher Browne wrote:
> Someone (I don't know whom) wasn't thrilled to have their Mailman
> password sent to our web site via non-SSL, hence non-encrypted
> connection.

That... specifically is a bit of a silly concern. Standard GNU Mailman sign up
instructions read:

"""
You may enter a privacy password below. This provides only mild security, but
should prevent others from messing with your subscription. **Do not use a
valuable password** as it will occasionally be emailed back to you in cleartext.
"""

(I believe GNU Mailman also *stores* passwords in plain text.)

There's no reasonable expectation of security with a GNU Mailman password to
begin with.


> Which points to it being desirable to have an SSL cert. [...]
> 

Still, SSL seems like a good idea regardless, even if it wouldn't solve any
issue with Mailman.

---
Talk Mailing List
[email protected]
http://gtalug.org/mailman/listinfo/talk

Reply via email to