Mark Sapiro writes: > On 07/02/2014 03:58 AM, Henrik Rasmussen wrote: > > I know this has been asked before, but I haven't found anything > > about whether or not this will be a future change or how to work > > around it.
> You can always remove cron/mailpasswds from Mailman's crontab to avoid > sending monthly reminders all together regardless of list or user > settings. Users will still be able to request a reminder from the > options login page. A more complicated option is to use MemberAdapter and handle authentication entirely yourself. IMHO, for anybody who has done the work ensuring the security of the accompanying system (TLS/SASL for all communications, encrypted hard drives for all stored traffic including users' archives, etc), MemberAdapter will be a snap. :-) Of course in security every little bit matters, and the design decision in Mailman 3 to never store unencrypted (or decryptable, for that matter) passwords was the correct one. But given how leaky the mail system is by default, I think the incremental benefit to the vast majority of our users to trying to plug this hole ex post design of Mailman 2 is too small to justify the effort. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org