[Mailman-Users] How to turn off plain text passwords?
Jeffrey Walton
noloader at gmail.com
Tue Nov 1 19:28:54 CET 2011
Hi Adam,
On Tue, Nov 1, 2011 at 12:13 PM, Adam McGreggor
<adam-mailman at amyl.org.uk> wrote:
> On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote:
>> Its the first of the month, and I'm receiving my passwords from Mailman servers.
>
> Happy Mailman Day!
>
> (I disable Mailman-day crontab entries.)
:)
>> I don't want my passwords stored in the plain text, and I don't want
>> them stored with reversible encryption.
>
> Install Mailman 3.
OK. I'm not the sysadmin, so I can't control the software.
I can control my account settings. But I take it there is nothing I
can do as a user.
> Mark may have a more useful suggestion of what to patch, and there
> could well be something in the archives about this.
>
>> How do I turn off this security hole (feature?).
>
> The standard listinfo text warns:
>
> You may enter a privacy password below. This provides only mild
> security, but should prevent others from messing with your
> subscription. Do not use a valuable password as it will
> occasionally be emailed back to you in cleartext.
>
> You could, perhaps, edit the listinfo blurb, to give that greater
> prominence?
Well, between plain text passwords and non-authenticated users
tampering, its really a no win situation for the user.
I wish these list managers would get a f**king clue and do things securely.
Jeff
More information about the Mailman-Users
mailing list