I'm all for the password-less stuff, but then how do you authenticate for members-only archives? I've got big lists that must be members-only for the archives.
Bob ---------- Original Message ----------- From: Tokio Kikuchi <[EMAIL PROTECTED]> To: John Dennis <[EMAIL PROTECTED]> Cc: mailman-developers@python.org, Barry Warsaw <[EMAIL PROTECTED]> Sent: Fri, 11 Feb 2005 09:29:58 +0900 Subject: Re: [Mailman-Developers] Hashing member passwords in config.pck > Hi, > > John Dennis wrote: > > > My suggestion would be: > > > > 1) As soon as possible post MM 2.1.6 with the security patch. > > +1 > > > > > 2) Quickly follow up with MM 2.1.7 with the member passwords hashed. > > I would suggest 'mailman 2.2' and introduce password-less membership. > Most of the user operations should be done by confirmation string > sent by email message. Users can optionally have their passwords > which should be stored in hashed format. > > Other 2.2 features I imagine are: > - Languages are selectable at configure option. > - Internal strings are unified to unicode to reduce type checking. > - Utf-8 web pages for > > > At > > the same time I think we should implement the stronger password > > generation suggested in this open advisory against mailman. > > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-1143 > > > This has been integrated in 2.1.6 CVS. > > -- > Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp > http://weather.is.kochi-u.ac.jp/ > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/bob%40nleaudio.com ------- End of Original Message ------- _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org