[Mailman-Developers] Big checkins a'comin'!

Barry A. Warsaw barry@digicool.com
Wed, 14 Feb 2001 22:59:15 -0500


>>>>> "JM" == John Morton <jwm@plain.co.nz> writes:

    JM> Might as well add code to convert the password from the
    JM> deprecated form to the current default if one of the fallback
    JM> methods succeeds, then set the fallbacks to cascade over
    JM> crypt, MD5 and plaintext. This way, you can quietly change to
    JM> a more trusted hash should your current default eventually be
    JM> broken.

No can do.  crypt()'s a one-way hash and Mailman doesn't store the
cleartext password (for the list), so there's no way to recover it in
order to convert.

I've thought about storing the list password in the clear.  This would
allow a mail-back option for list owners, but requires stricter
security in the file system (since the list passwords can be snooped
from the database).

-Barry
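
The upgrade-on-fallback cascade proposed in the quoted text, as an added example that is not part of the original message or Mailman's code: conversion happens only at check time, when the submitted password is in hand, so no stored one-way hash has to be reversed. The `scheme$salt$digest` record format, the function names and PBKDF2 as the "current default" are assumptions; crypt is left out of the cascade because Python's `crypt` module has been removed from recent standard libraries.

```python
import hashlib
import hmac
import os

# Assumed record format: "scheme$salt_hex$digest" (constructed for this example).
DEFAULT = "pbkdf2"       # assumed current default scheme
ITERATIONS = 100_000     # assumed PBKDF2 work factor


def _digest(scheme, password, salt):
    """Compute the stored form of `password` under one scheme."""
    pw = password.encode("utf-8")
    if scheme == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS).hex()
    if scheme == "md5":       # deprecated fallback
        return hashlib.md5(salt + pw).hexdigest()
    if scheme == "plain":     # deprecated fallback, stored as-is
        return password
    raise ValueError("unknown scheme: " + scheme)


def make_record(password, scheme=DEFAULT):
    """Build a stored record; plaintext records carry an empty salt."""
    salt = b"" if scheme == "plain" else os.urandom(16)
    return "$".join([scheme, salt.hex(), _digest(scheme, password, salt)])


def check_and_upgrade(stored, submitted):
    """Return (ok, record).

    `record` is a fresh DEFAULT-scheme record when a deprecated scheme
    matched, otherwise the stored record unchanged. The caller persists
    `record` whenever it differs from `stored`.
    """
    scheme, salt_hex, digest = stored.split("$", 2)
    candidate = _digest(scheme, submitted, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(candidate.encode(), digest.encode()):
        return False, stored
    if scheme != DEFAULT:
        # The cleartext is available only now, at a successful check.
        return True, make_record(submitted)
    return True, stored
```

Records whose owner never authenticates again stay in the deprecated form, so a migration of this kind needs a count of remaining old-scheme records before the fallbacks can be switched off.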