[Bf-committers] Plaintext password in membership reminder

Dan McGrath danmcgrath.ca at gmail.com
Fri Jun 8 17:03:15 CEST 2018

Hi Torsten,

I am aware of your concern. Unfortunately, I did not write Mailman :(
AFAIK, there are only 3rd party addon's to do such things, but I believe
that the situation comes down to it being a known issue, with the
recommendation being for you to not use important passwords for the
service, and also to disable the feature that mails you a password back, in
case someone else can read your email (we do use SSL transport during
delivery, and require HTTPS for the website).

Please refer to these urls:


At some point, Mailman 3 will do away with these, but as of yet I don't
believe it is stable. This software is about as old as the internet, and
unfortunately, it does assume a little too much for the user. To be fair
though, you are warned very clearly about this during the creation of the


Gotta love old legacy systems. Also, gotta love volunteering to maintain
legacy systems. If you would like to sponsor a few thousand dollars to me
to upgrade to mailman 3, perhaps I could put a rush on things, otherwise,



More information about the Bf-committers mailing list