[LRUG] LRUG passwords stored in plain text
murray.steele at lrug.org
Tue Feb 9 02:11:53 PST 2016
Hi Ian (and other rightly concerned folks),
The mailing list is run on a hosted Mailman service and there’s nothing I
can do to fix this. I don’t have access to the code, and even if I did, I
doubt it’s an easy fix.
The Mailman 2.x (the hosted service runs 2.1.17) user manual says "Warning:
Do NOT use a valuable password for Mailman, since it can be sent in plain
text to you.” which suggests to me that the developers are aware it’s a
problematic solution, but also that changing it isn’t an easy fix. There’s
a post from the mailman-users mailing list that backs this up because
they say it’ll be fixed in Mailman 3, which is a complete re-write.
Mailman 3 was released in April 2015 so I could ask the hosting service to
upgrade. However as it doesn't yet have feature-parity with Mailman 2 and
it’s not recommended as an upgrade path  I doubt they will. Mailman 3.1
has that as a priority , so once that’s released it should be an easier
I know this isn’t great news, but there’s not much more I can do at the
moment, sorry. I will however update the welcome message new subscribers
get to point out the known issue with passwords and suggest they use a new
password for this list.
On 8 February 2016 at 18:18, Ian Leitch <port001 at gmail.com> wrote:
> To whomever manages this list,
> I just requested a password "reminder" from
> I expected some kind of password hint, but no, my password was sent in
> plain text! Please fix!
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Chat