I think CAN-2005-0202 gives us the opportunity to finally implement what
we have long considered an embarrassing exposure in Mailman's config.pck
databases. Member passwords are kept in this database in the clear.
The obvious fix is to hash member passwords and keep only the hash in
We haven't changed this before now for two reasons:
1. We would have to regenerate all member passwords, which is an
administrative burden. We might also need to implement checks to see if
the passwords were cleartext or hashed and do the password comparison
2. This breaks all password reminders.
To fully address CAN-2005-0202 we're recommending sites regenerate their
member passwords anyway, so this gives us an opening to fix this
properly. And we have a better internal password generator now too.
As for #2, well, I think most people hate those password reminders
anyway, and we've decided that they are going away for MM3. I don't
think many people would shed too many tears if we killed off monthly
password reminders for 2.1.6. Doing that would also eliminate the
requirement for the site list, since its primary purpose is to function
as the sender of the reminder messages.
To do this for 2.1.6, we'd have to change the "Email My Password To Me"
feature in the options page and in the member login page. These would
have to become a "create a new password for me" feature. Also,
crontab.in should not call mailpasswds anymore, or that script should
turn into a simple "here's the lists you are on" reminder, without the
password information in it. This will require i18n updates too.
The downside to doing this now is that it's more coding work for 2.1.6
and I'd like to get the new version out asap. Still, this seems like an
opportunity that we shouldn't lightly dismiss.
What do you all think? Is anybody willing to take a crack at a patch