Bug#916101: mailman3: uses a hard-coded and mismatched api_key in mailman-hyperkitty.cfg

Sampo Sorsa Mon, 10 Dec 2018 00:16:01 -0800

Source: mailman3

Dear Maintainer,


mailman-hyperkitty.cfg [1] contains:

    api_key: SecretArchiverAPIKey

mailman3-web postinst however, checks for this api_key and generates a random 
one if it has not been changed [2]. This means the default setup for hyperkitty 
contains mismatched api key, and will not work.

mailman3 should generate api_key when writing 
/etc/mailman3/mailman-hyperkitty.cfg. Then the logic for randomizing the 
password could be removed from mailman3-web.

[1]: 
https://salsa.debian.org/mailman-team/mailman-hyperkitty/blob/master/mailman-hyperkitty.cfg
[2]: 
https://salsa.debian.org/mailman-team/mailman-suite/blob/master/debian/mailman3-web.postinst#L114-125

Bug#916101: mailman3: uses a hard-coded and mismatched api_key in mailman-hyperkitty.cfg

Reply via email to