On Sat, 2005-02-12 at 02:07, Bob Puff wrote: > So let me ask this: if we drop passwords for everything but the private > archives, do we really need to do anything differently than the format > currently in place? Do they really need to be one-way encrypted? Being able > to email a forgotten password has its benefits.
It's still worthwhile (in the long run) to hash the passwords. Some people tend to re-use them, so stealing Mailman passwords can potentially lead to cascading attacks. Password resets are fine. -Barry
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
