[LRUG] LRUG passwords stored in plain text
Murray Steele
murray.steele at lrug.org
Tue Feb 9 02:11:53 PST 2016
Hi Ian (and other rightly concerned folks),
The mailing list is run on a hosted Mailman service and there’s nothing I
can do to fix this. I don’t have access to the code, and even if I did, I
doubt it’s an easy fix.
The Mailman 2.x (the hosted service runs 2.1.17) user manual says "Warning:
Do NOT use a valuable password for Mailman, since it can be sent in plain
text to you.”[1] which suggests to me that the developers are aware it’s a
problematic solution, but also that changing it isn’t an easy fix. There’s
a post[2] from the mailman-users mailing list that backs this up because
they say it’ll be fixed in Mailman 3, which is a complete re-write.
Mailman 3 was released in April 2015 so I could ask the hosting service to
upgrade. However as it doesn't yet have feature-parity with Mailman 2 and
it’s not recommended as an upgrade path [3] I doubt they will. Mailman 3.1
has that as a priority [4], so once that’s released it should be an easier
sell.
I know this isn’t great news, but there’s not much more I can do at the
moment, sorry. I will however update the welcome message new subscribers
get to point out the known issue with passwords and suggest they use a new
password for this list.
Cheers,
Murray
[1]: http://www.list.org/mailman-member/node15.html
[2]: https://mail.python.org/pipermail/mailman-users/2010-July/069844.html
[3]: http://wiki.list.org/DEV/Mailman%203.0#line-17
[4]: http://wiki.list.org/DEV/Mailman%203.1
On 8 February 2016 at 18:18, Ian Leitch <port001 at gmail.com> wrote:
> To whomever manages this list,
>
> I just requested a password "reminder" from
> http://lists.lrug.org/options.cgi/chat-lrug.org
>
> I expected some kind of password hint, but no, my password was sent in
> plain text! Please fix!
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20160209/1e0870e9/attachment.html>
More information about the Chat
mailing list