On 9/19/2020 11:50 AM, Matthew Pounsett wrote:
I'm pretty sure that's pure FUD. I'm not the expert on mailman that most of you are, but I can think of no reason for mailman itself to ever speak HTTP or SMTP, and therefore no reason for it to need to do TLS. I'd be very surprised at anyone running a mailman setup where there wasn't a web server and an MTA sitting between mailman and the rest of the Internet. Am I wrong about that?
IMO a lot of this crap comes from the Knee-Jerk Security Department fueled by Google's "our data collection is secure by default" PR. It is for many practical purposes FUD but since the huge scary "Insecurity! Run! Run Away!" dialog box is now built into every client app and most users don't know any better, we're SOL.
This is why the "I won't ever need any new features in MM2" stance is not realistic: *I* may not, but it's not up to me.
Dima ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
