I know this has been asked before, but I haven't found anything about whether or not this will be a future change or how to work around it.
The passwords in Mailman, are stored unencrypted. The web connection can be encrypted by SSL to avoid man in the middle, but passwords are sent in clear text in password reminders. Is there any plans of a future change so passwords will be stored encrypted, and some kind of one-time link to change the password, instead of sending reminders, or some kind of challenge will be implemented, to avoid revealing the password to third party? Otherwise I will request such a change. Henrik Rasmussen ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
