[dundee] Concerning mailman security

Kevin Smith kevin.smith at thesoftwaresociety.org.uk
Mon Aug 6 10:11:18 UTC 2012


Seemingly this "feature" has been removed as of 2007
http://wiki.list.org/display/DEV/2007/01/13/Passwords+done+right however
I'm still getting the reminders as well. So either the plaintext part
hasn't been removed or the instance running this list is massively out
of date. Both are not good.

However, from a security point of view, I'm not too concerned about the
plaintext nature of password storage.

1. Its just a mailing list. Nothing of any real consequence. I doubt
Finux et al would care to change your mailing preferences, his time is
much more valuable (I assume)
2. Unless you deliberately make a password when subscribing, mailman
generates one for you so password reuse is almost guaranteed not to happen

-- 
Kevin Smith
For and on behalf of:
The Software Society Limited
3 Ralston Business Centre,
Newtyle,
Blairgowrie
Perthshire
PH12 8TL
SCOTLAND

A Company Limited by Guarantee
Registered in Scotland, Company Number SC413286



More information about the dundee mailing list