Re: [LUG] Request mailman configuration change;

To: list@xxxxxxxxxxxxx

Subject: Re: [LUG] Request mailman configuration change;

From: Simon Avery <digdilem@xxxxxxxxx>

Date: Sun, 1 Feb 2015 15:42:07 +0000

Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1412586362; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:To:From:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=7abJr76CgNgOnDZJEjD8pro4lHrfepdJWkkkv0jTp5w=; b=kZ3JJ0Ld2GkCTV0lpPVTLtk1EQn4HMf0Ai5NNEwtRbS2ofSHniQ2SdoSsIX99XsUKlcAj/6+/pG281mqAwahJwjjz5PWOqTk72XL0nJ5H+IrbxG1NHG0tK0s7nUjgr/zl0hbdrHburTqYoWElNPt2yJ5plqaSKIlNFJ+kpwrtxc=;

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=h97Q6owEoi/QClof6UJkmZZPgxWWsLV9TMRueVx35mk=; b=Ds03GZ7ynyza+miqrWTpxeqIdVZCnEKdfN2agJTSIwHNsD1/99CWZhu5/R3KpzL2Kh vr2qx7nLAhvt4AckF/KT/+uAGocmcY/HO5f3hMuEEN12kw+z9+uQpWpMW4R7XU2DdpvF iSL0AHyhT3SfNCD371HFY1mKF2YHC8vqkxowUVeqYfrELpmoImMn7E6AKLi2GC1QlBrQ r8tYTWxUx5yyUVuunpwz4eha5dT20H1kXBSriuXsw9r+YGDv3rhXIM+b47kjVWtgd/SY t240sh3ySDGUM+L/iGNGE3yNpWMlLEwMYJQyo3mBTd8dqx6TyoPwoyNKF8RCRsseOusC tsWg==

On 1 February 2015 at 12:18, Brad Rogers <brad@xxxxxxxxxxxx> wrote:

Mailman warns not to use sensitive passwords for this reason.Â Some of

That's... An interesting security approach!

what you want would require a re-write of mailman's code.Â Whether or

Well - not the "no monthly reminders" bit, won't. That's a global list setting FWIR.

Also editing one of the templates might be enough, but as I say, I don't use MM myself any more to know if that's the case.

not the default should be "send monthly reminders" is debatable, but if
it gets changed, I'll guarantee there'll be some broo-hah-hah about it
- *even if it's debated on list first*.Â In any case, any service that

can email you your password, whether encrypted or not, ought to be
considered suspect.Â Facebook, for example, does not email you a copy
of your password, they send a link to your registered email address
to reset it.Â It's encrypted with a one way cypher for that very reason.

Yep, exactly. Transmission of passwords should not be considered acceptable.Â

For the next version of mailman (v3) I understand that the ability to
send password reminders is to be dropped.

I had somewhat assumed Mailman was abandoned. Having just checked the site, I'm shocked to hear a new version was released only 3 days ago. Maybe there is life in that old dog yet.