Murray S. Kucherawy wrote:
Do you folks ever get complaints about password reminders sending passwords in the clear?
Is there an open bug about that?
See, e.g., https://bugs.launchpad.net/mailman/+bug/265179.
Once a month I get someone nagging at me that this isn't a secure thing, possibly because it's a security-related mailing list (i.e., picky audience). My only choice in the current version is to turn off the reminders altogether. Perhaps it would be possible to add a switch that just turns off the password part?
How useful would the rest of it be without the password?
You can edit the template for the reminder per http://wiki.list.org/x/jYA9. Its name is cronpass.txt. Besure to see the note in the FAQ about list and domain specific templates not working for this template. However, the actual entries with the passwords are not built from the template so you'd have to also edit the code in cron/mailpasswds.