[Mailman-Users] How to turn off plain text passwords?

Jeffrey Walton noloader at gmail.com
Tue Nov 1 19:28:54 CET 2011

Hi Adam,

On Tue, Nov 1, 2011 at 12:13 PM, Adam McGreggor
<adam-mailman at amyl.org.uk> wrote:
> On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote:
>> Its the first of the month, and I'm receiving my passwords from Mailman servers.
> Happy Mailman Day!
> (I disable Mailman-day crontab entries.)

>> I don't want my passwords stored in the plain text, and I don't want
>> them stored with reversible encryption.
> Install Mailman 3.
OK. I'm not the sysadmin, so I can't control the software.

I can control my account settings. But I take it there is nothing I
can do as a user.

> Mark may have a more useful suggestion of what to patch, and there
> could well be something in the archives about this.
>> How do I turn off this  security hole (feature?).
> The standard listinfo text warns:
>    You may enter a privacy password below. This provides only mild
>    security, but should prevent others from messing with your
>    subscription. Do not use a valuable password as it will
>    occasionally be emailed back to you in cleartext.
> You could, perhaps, edit the listinfo blurb, to give that greater
> prominence?
Well, between plain text passwords and non-authenticated users
tampering, its really a no win situation for the user.

I wish these list managers would get a f**king clue and do things securely.


More information about the Mailman-Users mailing list