[Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman]

Brad Knowles brad at stop.mail-abuse.org
Thu Dec 23 03:27:20 CET 2004

At 11:04 AM +0100 2004-12-22, Florian Weimer wrote:

>  Feedback from selected, trustworthy Mailman users indicates that
>  Mailman users also think that this is a security bug.

	I agree that it's a security issue, but I think that there are 
other issues that are higher in the priority list for future updates 
to the 2.1.x tree as well as the all-new code for Mailman3.

	You'd have to get the official answer from Barry and Tokio for 
their respective trees as to what it would take to get the priority 
boosted, but I don't know that you're going to have much luck.

	In the future, if you feel that you have sensitive security 
issues with Mailman, it's probably better to contact Barry directly, 
and he can at least give you an indicator as to whether or not it he 
feels it would be appropriate to discuss amongst a broader group of 
people, and where he feels that discussion should/could take place.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Developers mailing list