On 1/20/2012 10:06 AM, Geoff Mayes wrote:
Thank you everyone for your help and sharing all of this information. I found it very useful and further proof of the active and supportive Mailman community.
It sounds like, to summarize, the Mailman2 branch can lock down its passwords by:
- disabling cron password reminders
- increasing the warning in the UI about not using valuable passwords
Mailman2 cannot change the following, however, without code changes: a. storing passwords unencrypted b. sending password reminder emails to list subscribers who request a reminder via the UI (is that right?).
I'm not worried about (a), just trying to be thorough.
Question: Can list admins request a password reminder email via the UI? In the UI I see that subscribers can but it doesn't look like list admins can. If that is true and a list admin/owner loses their password, does the Mailman site administrator have to fetch it for them? I'm thinking about the extra work (however small, as others have pointed out that admins rarely change their settings) this will put on our mailman administrator if there are 2k+ lists.
Thanks to all for your prompt and wonderful responses, Geoff Mayes
I don't believe the List Administrator/owner can have the list admin password sent to them. I don't think the site administrator can do it either. The only solution is to have the Site Admin change the list administrator password or if there are multiple list admins, have them tell the other admins for the list what the password is or change the password and then let the other know (if any).
But I could be wrong. We don't have 2+k lists so having the Site Admin change a list admin password is not a problem. Then again, since we started using Mailman, that has happened maybe three or four times. The student government moderates their own list for the undergraduate student population and sometimes they forget to let the incoming government people know the moderator password.
Chris
-----Original Message----- From: mailman-users-bounces+gmayes=uoregon.edu@python.org [mailto:mailman-users-bounces+gmayes=uoregon.edu@python.org] On Behalf Of C Nulk Sent: Friday, January 20, 2012 9:39 AM To: mailman-users@python.org Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)
On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
On 1/20/2012 1:05 AM, Mailman Admin wrote:
On 2012-01-19 19:32, Geoff Mayes wrote:
Does anyone know a way around the emailed passwords issue in Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's release? You can stop the cronjob used to email reminders. With this you don't email them to the users, but they will still be saved in clear text in Mailman. You can also easily change the code to leave it out of the reminder. Or simplest of all, use the option on the General Settings page (under Notifications) and turn off the monthly reminders.
Chris
Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail- archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman- users/gmayes%40uoregon.edu