[Mailman-Developers] [Fwd: [vendor-sec] Weak
auto-generated passwords in Mailman]
brad at stop.mail-abuse.org
Thu Dec 23 03:27:20 CET 2004
At 11:04 AM +0100 2004-12-22, Florian Weimer wrote:
> Feedback from selected, trustworthy Mailman users indicates that
> Mailman users also think that this is a security bug.
I agree that it's a security issue, but I think that there are
other issues that are higher in the priority list for future updates
to the 2.1.x tree as well as the all-new code for Mailman3.
You'd have to get the official answer from Barry and Tokio for
their respective trees as to what it would take to get the priority
boosted, but I don't know that you're going to have much luck.
In the future, if you feel that you have sensitive security
issues with Mailman, it's probably better to contact Barry directly,
and he can at least give you an indicator as to whether or not it he
feels it would be appropriate to discuss amongst a broader group of
people, and where he feels that discussion should/could take place.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Developers