These passwords should not be recoverable, because they should only be stored as a one-way salted hash with n rounds.

Passlib has a number of password hashing functions:

- https://passlib.readthedocs.io/en/stable/
- https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/

Is this fixed in Mailman3?

http://www.list.org/download.html
http://www.list.org/devs.html #security lists: mailman-security@python.org as the seclist for mailman.

Mailman 2 src: https://launchpad.net/mailman
Mailman 3 src: https://gitlab.com/groups/mailman

On Saturday, September 23, 2017, Steve Barnes <gadgetsteve@live.co.uk> wrote:
I personally was very disappointed on signing up to both this mailing list & security-announce to receive back an email containing my password in plain text with the promise of the same thing once a month unless I changed settings on the Mailman site.
I would have thought that a security related list could provide better default practices than that!
Is anybody else concerned about the idea?
Steve Barnes.