[Mailman-Users] How to turn off plain text passwords?

Jeffrey Walton noloader at gmail.com
Wed Nov 2 14:15:50 CET 2011


On Wed, Nov 2, 2011 at 7:40 AM, Larry Stone <lstone19 at stonejongleux.com> wrote:
> Jeffrey Walton writes:
>
>> The best I can tell, Mailman 2 did the wrong thing.
>
> The best I can tell, your expectations for Mailman's security and the software authors' expectations are completely different.
Agreed. I was very naive.

> Mailman works with Mail. SMTP mail is very insecure with headers, etc. easily spoofed (by design - just as I can easily spoof the sender on a piece of paper mail I drop in a mailbox). What good does high security on Mailman do if it's trivial to step around the gate?
>
Agreed. I have no expectation that my messages to the list will be
private, or my email will be private. An attacker gains nothing from
reading my messages posted to a public mailing list.

But the password database used by Mailman is not a public database.
Users have a reasonable expectation of security surrounding it. An
attacker gains a list of {user name, email, password} when the system
is compromised.

>> Confer: list managers did not fix Mailman 2 (nor did they use other
>> software which was secure). Why would you expect them to research
>> and securely configure Mailman 3?
> List managers have nothing to do with this. Us "list managers" did not write the software. We're just higher level users of Mailman than the reader of a mailing list that uses Mailman. But we're still just users.
Both are at fault. First are the developers for using an insecure
system, and second are the folks who use it in production. In this
case "crowd security" failed - more eyeballs were not better and did
not lead to improvements.

> If Mailman does not meet your needs due to it failing to meet the security requirements you personally have, don't use it.
Unrealistic. I have no control over what software a particular mailing
list uses. It's kind of like saying, "if you don't like the smog, don't
breathe the air".

Jeff

