The installation of mailman that I'm using has the monthly sending of password reminders as the default setting.
This led to some discussion with members of one of my mailman lists. It seems very odd that mailman sends clear-text passwords through e-mail. The use of one-way hashing passwords has been known a long time - Unix version 6 that came out in 1975 already had crypt that was used for one-way encryption of passwords. Does anybody know why mailman stores passwords in clear text? I imagine that, back in the '90s, when majordomo was written, it seemed an OK thing to do because nobody thought that all their email was being read - now that everybody knows that e-mail is entirely unsafe, it seems odd that mailman still does this. Are there any plans to tighten the security up? ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
