On 1/20/2012 10:06 AM, Geoff Mayes wrote: > Thank you everyone for your help and sharing all of this information. I > found it very useful and further proof of the active and supportive Mailman > community. > > It sounds like, to summarize, the Mailman2 branch can lock down its passwords > by: > 1. disabling cron password reminders > 2. increasing the warning in the UI about not using valuable passwords > > Mailman2 cannot change the following, however, without code changes: > a. storing passwords unencrypted > b. sending password reminder emails to list subscribers who request a > reminder via the UI (is that right?). > > I'm not worried about (a), just trying to be thorough. > > Question: > Can list admins request a password reminder email via the UI? In the UI I > see that subscribers can but it doesn't look like list admins can. If that > is true and a list admin/owner loses their password, does the Mailman site > administrator have to fetch it for them? I'm thinking about the extra work > (however small, as others have pointed out that admins rarely change their > settings) this will put on our mailman administrator if there are 2k+ lists. > > Thanks to all for your prompt and wonderful responses, Geoff Mayes
I don't believe the List Administrator/owner can have the list admin password sent to them. I don't think the site administrator can do it either. The only solution is to have the Site Admin change the list administrator password or if there are multiple list admins, have them tell the other admins for the list what the password is or change the password and then let the other know (if any). But I could be wrong. We don't have 2+k lists so having the Site Admin change a list admin password is not a problem. Then again, since we started using Mailman, that has happened maybe three or four times. The student government moderates their own list for the undergraduate student population and sometimes they forget to let the incoming government people know the moderator password. Chris > >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On >> Behalf Of C Nulk >> Sent: Friday, January 20, 2012 9:39 AM >> To: [email protected] >> Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead >> of Sympa (from Majordomo) >> >> On 1/20/2012 8:48 AM, Carl Zwanzig wrote: >>> On 1/20/2012 1:05 AM, Mailman Admin wrote: >>>> On 2012-01-19 19:32, Geoff Mayes wrote: >>>>> Does anyone know a way around the emailed passwords issue in >>>>> Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's >> release? >>>> You can stop the cronjob used to email reminders. >>>> With this you don't email them to the users, but they will still be >>>> saved in clear text in Mailman. >>> You can also easily change the code to leave it out of the reminder. >> Or simplest of all, use the option on the General Settings page (under >> Notifications) and turn off the monthly reminders. >> >> Chris >> >> >> ------------------------------------------------------ >> Mailman-Users mailing list [email protected] >> http://mail.python.org/mailman/listinfo/mailman-users >> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: >> http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail- >> archive.com/mailman-users%40python.org/ >> Unsubscribe: http://mail.python.org/mailman/options/mailman- >> users/gmayes%40uoregon.edu ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
