On Thu, Mar 24, 2016 at 10:39 AM, Ranti Junus <ranti.ju...@gmail.com> wrote:
> Thank you, Eric, for the heads up and your guardianships... > > Mailman is easy to administer, but it has a huge caveat: when a user > request a password (reminder, etc.), it sends it as an email in plain text. Yikes! However, this is no longer true in mailman 3 (if heavily-developed-alpha is an okay answer); passwords are sha512-hashed and *maybe* also salted, though the docs are sparse on that front. (See, e.g., https://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/utilities/passwords.py , https://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/config/passlib.cfg , https://pythonhosted.org/passlib/lib/passlib.context.html#passlib.context.CryptContext.encrypt .) -- Andromeda Yelton Board of Directors, Library & Information Technology Association: http://www.lita.org http://andromedayelton.com @ThatAndromeda <http://twitter.com/ThatAndromeda>