[Bf-committers] Plaintext password in membership reminder

Dan McGrath danmcgrath.ca at gmail.com
Fri Jun 8 17:03:15 CEST 2018


Hi Torsten,

I am aware of your concern. Unfortunately, I did not write Mailman :(
AFAIK, there are only 3rd party add-ons to do such things, but I believe
that the situation comes down to it being a known issue, with the
recommendation being for you to not use important passwords for the
service, and also to disable the feature that mails you a password back, in
case someone else can read your email (we do use SSL transport during
delivery, and require HTTPS for the website).

Please refer to these URLs:

https://mail.python.org/pipermail/mailman-users/2010-July/069843.html
http://www.list.org/mailman-member/node15.html
http://www.list.org/mailman-member/node18.html

At some point, Mailman 3 will do away with these, but as of yet I don't
believe it is stable. This software is about as old as the internet, and
unfortunately, it does assume a little too much for the user. To be fair
though, you are warned very clearly about this during the creation of the
account:

  http://pasteall.org/pic/show.php?id=a310d07569563858a1483c7b4a96430c

Gotta love old legacy systems. Also, gotta love volunteering to maintain
legacy systems. If you would like to sponsor a few thousand dollars to me
to upgrade to Mailman 3, perhaps I could put a rush on things, otherwise,
sorry!


Cheers,

Dan

