On Tue, Nov 01, 2011 at 07:52:08AM -0400, Jeffrey Walton wrote:
Its the first of the month, and I'm receiving my passwords from Mailman servers.
Its the first of the month, and I'm receiving my passwords from Mailman servers.
(I disable Mailman-day crontab entries.)
I don't want my passwords stored in the plain text, and I don't want
them stored with reversible encryption.
Install Mailman 3.them stored with reversible encryption.
Mark may have a more useful suggestion of what to patch, and there
could well be something in the archives about this.
How do I turn off this security hole (feature?).
The standard listinfo text warns:You may enter a privacy password below. This provides only mild
security, but should prevent others from messing with your
subscription. Do not use a valuable password as it will
occasionally be emailed back to you in cleartext.
You could, perhaps, edit the listinfo blurb, to give that greater
prominence?
--
"Celebrity can be malign in that it becomes a form of idolatry, and
people live their lives vicariously through the rich and famous rather
than attending to their own lives."
-- John Sentamu
