Hi,

John Dennis wrote:
> My suggestion would be:
>
> 1) As soon as possible post MM 2.1.6 with the security patch.

+1

> 2) Quickly follow up with MM 2.1.7 with the member passwords hashed.

I would suggest 'mailman 2.2' and introduce password-less membership.
Most of the user operations should be done by confirmation string sent
by email message. Users can optionally have their passwords which should
be stored in hashed format.

Other 2.2 features I imagine are:
- Languages are selectable at configure option.
- Internal strings are unified to unicode to reduce type checking.
- Utf-8 web pages for

> At the same time I think we should implement the stronger password
> generation suggested in this open advisory against mailman.
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-1143
>

This has been integrated in 2.1.6 CVS.

--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org