Mailman passwords aren't secure anyway:

    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

Niklas Hambüchen writes:

> Hey,
>
> just signed up to the mailing list. The signup page at
>
> http://lists.zx2c4.com/mailman/listinfo/password-store
>
> is unencrypted and https seems to not work there, so my password is now
> unavoidably owned by the guy sniffing the Starbucks traffic next to me.
>
> This is not too much of a problem for me right now since I use random
> passwords for each signup, but this still feels like an unfortunate
> setup for unsuspecting/non-technical people who re-use passwords and
> just want to ask a question to this mailing list.
>
> Could the mailman config be put under https?
>
> By the way, this would also make sense for the pass website, or so that
> I can at least retrieve the signing pubkey via an authenticated
> transport (of course to be sure I'd still have to validate the key
> identity). Currently there is no way for me to see whether the pass code
> I clone has integrity at all because all means to obtain or verify it
> can be trivially man-in-the-middled.
>
> Thanks!
>
>
> _______________________________________________
> Password-Store mailing list
> [email protected]
> http://lists.zx2c4.com/mailman/listinfo/password-store

--
Kyle Marek-Spartz
