[Bug 265179] Re: Security hole: passwords mailed in clear
Ran into this today, believe it or not, on the Python mailing list. I'm surprised that bad security is justified by referring to bad policy documentation... as if the fact that a bad idea written as policy on a subscription page makes it suddenly a good idea or beyond criticism. IMHO Users should not be told to "follow instructions" to compensate for lax handling of password data, no matter how trivial it may seem. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/265179 Title: Security hole: passwords mailed in clear To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/265179/+subscriptions
On Aug 01, 2012, at 12:26 PM, W. Prins wrote:
Ran into this today, believe it or not, on the Python mailing list. I'm surprised that bad security is justified by referring to bad policy documentation... as if the fact that a bad idea written as policy on a subscription page makes it suddenly a good idea or beyond criticism. IMHO Users should not be told to "follow instructions" to compensate for lax handling of password data, no matter how trivial it may seem.
You can turn off password reminders in your own preferences. Password reminders are removed in Mailman 3 and passwords are not stored in the clear in Mailman 3. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/265179 Title: Security hole: passwords mailed in clear To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/265179/+subscriptions
participants (2)
-
Barry Warsaw
-
W. Prins