On 26 September 2017 at 07:09, Barry Warsaw <barry@python.org> wrote:
On Sep 25, 2017, at 16:49, Wes Turner <wes.turner@gmail.com> wrote:
Is this fixed in Mailman3?
Mailman 3 does not send password reminders and barely requires passwords (although the Postorius front end may, depending on what login mechanism is used, usually django-social-auth). What passwords Mailman 3 does keep are encrypted with passlib.
Perhaps security-sig could blaze the trail by migrating off of MM2 and on to MM3? Eventually migrating all of mail.python.org is going to be a mammoth task, but it would be nice if we could at least stop digging the hole deeper by encouraging new lists to start out on MM3, and offering a way for list owners to request piecemeal migrations. Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia