Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Geoff Mayes 
Larry,

I think you closed our security hole!  You're right that someone else getting 
their hands on your mailman password is incredibly minor.  The issue is when 
individuals subscribe to lists using their central LDAP/AD password as their 
Mailman list password.  In that case password interception is a bigger deal.

As you recommend in your paragraph on password best practices, people should 
let Mailman2 auto-generate a password.  And it looks like this can easily be 
enforced by simply removing the "Pick a password" and "Reenter password to 
confirm" fields from the list subscription page.  Mailman will then 
auto-generate all passwords.  Voila!  Unique passwords that only exist in 
Mailman.  (Now if someone chooses to start using their Mailman list password as 
their LDAP password...)   :)

The annoying issue that remains is that Mailman2 cannot be brought under 
centralized authorization and users have yet another password to maintain.  But 
as you and others have pointed out, list owners and list subscribers rarely 
interact with Mailman.  And MM3 is on the horizon...

This is great.  Thanks, Geoff

> -Original Message-
> From: mailman-users-bounces+gmayes=uoregon@python.org
> [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
> Behalf Of Larry Stone
> Sent: Friday, January 20, 2012 1:18 PM
> To: mailman-users@python.org
> Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
> of Sympa (from Majordomo)
> 
> On Thu, 19 Jan 2012, Geoff Mayes wrote:
> 
> > If Mailman
> > provided a way around the passwords in the clear issue, I'm pretty
> > sure we'd go with Mailman ...
> 
> My personal opionion is Mailman passwords are so insignificant that it really
> shouldn't be an issue. On the other hand, I recognize that you may have
> direction from above that because it's called a "password", it needs to be
> ulta-secure (there are, unfortunately, too many bosses who don't
> understand security and don't understand that different types of systems
> have different security needs). How much damage could be done if a
> Mailman user password was compromised? How much damage could be
> done if my on-line banking password was compromised? The answers are
> very different yet there are many who want them secured in the same way.
> 
> I so rarely use a Mailman password that I don't even try to remember it.
> If I need to use it on a Mailman system, I have it send it to me, use it, then
> forget it.
> 
> If someone wants to mess up my subscription on a Mailman system, well, go
> ahead. I have far more important things in life to worry about.
> 
> Also, consider how many other times passwords are sent in the clear, just
> not in email. A snail mail with a password is also a "password sent in the 
> clear"
> yet few seem to have a problem with that. Maybe because I practice good
> password managment, I am less concerned about an email being snooped
> than I am about snail mail theft or privileged access abuses.
> 
> I would not worry about Mailman passwords being sent in the clear and
> instead, urge users to use good password practices. For Mailman, encourage
> them to let Mailman assign a password (and thereby, not reuse a PW).
> Because no matter what you do, people will reuse passwords, use the same
> password for low and high security needs, use easy-to-guess passwords,
> write them down, and other things that just make Mailman's password
> concerns the least of your organization's security concerns.
> 
> -- Larry Stone
> lston...@stonejongleux.com
> --
> Mailman-Users mailing list Mailman-Users@python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy:
> http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-
> archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-
> users/gmayes%40uoregon.edu
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Larry Stone 

On Thu, 19 Jan 2012, Geoff Mayes wrote:

If Mailman 
provided a way around the passwords in the clear issue, I'm pretty sure 
we'd go with Mailman ...


My personal opionion is Mailman passwords are so insignificant that it 
really shouldn't be an issue. On the other hand, I recognize that you may 
have direction from above that because it's called a "password", it needs 
to be ulta-secure (there are, unfortunately, too many bosses who don't 
understand security and don't understand that different types of systems 
have different security needs). How much damage could be done if a Mailman 
user password was compromised? How much damage could be done if my on-line 
banking password was compromised? The answers are very different yet there 
are many who want them secured in the same way.


I so rarely use a Mailman password that I don't even try to remember it. 
If I need to use it on a Mailman system, I have it send it to me, use it, 
then forget it.


If someone wants to mess up my subscription on a Mailman system, well, go 
ahead. I have far more important things in life to worry about.


Also, consider how many other times passwords are sent in the clear, just 
not in email. A snail mail with a password is also a "password sent in the 
clear" yet few seem to have a problem with that. Maybe because I practice 
good password managment, I am less concerned about an email being snooped 
than I am about snail mail theft or privileged access abuses.


I would not worry about Mailman passwords being sent in the clear and 
instead, urge users to use good password practices. For Mailman, encourage 
them to let Mailman assign a password (and thereby, not reuse a PW). 
Because no matter what you do, people will reuse passwords, use the same 
password for low and high security needs, use easy-to-guess passwords, 
write them down, and other things that just make Mailman's password 
concerns the least of your organization's security concerns.


-- Larry Stone
   lston...@stonejongleux.com
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Barry Warsaw 
On Jan 19, 2012, at 06:32 PM, Geoff Mayes wrote:

> Mailman is more mature (the max bug ID for mailman in its issue-tracking
> system is ~913,400; the max bug ID for Sympa is 8,117 and there is still no
> bug category for Sympa's latest version -- 6.1.7 -- even though it has been
> out for over 4 months)

I'm not sure bug numbers are a good indication.  Launchpad has one namespace
for all bugs, so the maximum number reflects bugs reported across all hosted
upstream projects *and* all Ubuntu bugs.

OTOH, Mailman has been around since the mid-90's.  That's good because the key
parts of the code are heavily battle-tested and (IMO) very stable.  It's bad
because some things like the web ui really need  a good updating (and this is
going on in the web-ui project for Mailman 3).

> Mailman has greater branch stability and code reliability (I noticed that
> Barry ran a pre-checkin acceptance suite for the Postgres patch for Mailman
> 3 before he checked it in)

Yep.  I have a strict testing policy for mm3 code.

> Mailman has a bright and well-documented future (Mailman 3 and its bug
> tracker, source code, milestones, etc)

I think so too!

> Mailman has a more active and supportive community, which is very important
> in resolving future issues (Mailman had 150 list postings in December and
> through mid-January while Sympa had 44; I've been impressed with Mark
> Sapiro's responsiveness on this list)

Mark is *awesome*.

>Does anyone know a way around the emailed passwords issue in Mailman, clever
>hacks, certain plugins, or a timeline for Mailman 3's release?

As I think others have pointed out, individual users can disable password
reminders, list admins can disable them for their lists, and site admins can
disable them for the entire site (by turning off the cron job).

As for mm3 release, well, I think now that I'll be giving a talk at Pycon 2012
on it, I *have* to release it before then!  There are two blockers, that I am
attempting to solve before going into beta.  1) the REST API needs an
authentication/authorization framework; 2) we need some kind of schema
migration approach.  Come on over to mailman-developers@ if you want to
participate.

I know there is at least one site using mm3 in production today.  I have some
patches that need to be applied to improve the API performance, but I'm
confident the core engine is pretty solid.

>I've written a number of Django apps using my own LDAP module, so I was also
>wondering if folks think now is a mature-enough time to perhaps grab Mailman
>3, its Django front-end, and hack together what I'm after?

Yes, I think now is a great time to do that.  The API is fleshed out enough
that you should be able to build a web-ui to communicate with it, or you can
help Florian and Terri drive the official web-ui toward release.

>A final, random question: Mailman 3 is still in alpha, but is it stable given
>that it's almost been in alpha for 4 years?

Nothing can replace actual field testing under real world conditions, but I'm
pretty confident about the core engine.  As I mentioned above, one way or
another it has to go to beta before Pycon. :)

-Barry
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] E-Mail Interface Documentation

2012-01-20 Thread Mark Sapiro 
Sascha Rissel wrote:
>
>is there a documentation of the email interface available somewhere?
>I found: http://www.list.org/mailman-member/node10.html
>but that page seems to be offline.


Yes, www.list.org appears to be currently off line. It is mirrored at
 and
. You can find the above page at
 and
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread C Nulk 
On 1/20/2012 10:06 AM, Geoff Mayes wrote:
> Thank you everyone for your help and sharing all of this information.  I 
> found it very useful and further proof of the active and supportive Mailman 
> community.
>
> It sounds like, to summarize, the Mailman2 branch can lock down its passwords 
> by:
> 1. disabling cron password reminders
> 2. increasing the warning in the UI about not using valuable passwords
>
> Mailman2 cannot change the following, however, without code changes:
> a. storing passwords unencrypted
> b. sending password reminder emails to list subscribers who request a 
> reminder via the UI (is that right?).
>
> I'm not worried about (a), just trying to be thorough.
>
> Question:
> Can list admins request a password reminder email via the UI?  In the UI I 
> see that subscribers can but it doesn't look like list admins can.  If that 
> is true and a list admin/owner loses their password, does the Mailman site 
> administrator have to fetch it for them?  I'm thinking about the extra work 
> (however small, as others have pointed out that admins rarely change their 
> settings) this will put on our mailman administrator if there are 2k+ lists.
>
> Thanks to all for your prompt and wonderful responses, Geoff Mayes

I don't believe the List Administrator/owner can have the list admin
password sent to them.  I don't think the site administrator can do it
either.  The only solution is to have the Site Admin change the list
administrator password or if there are multiple list admins, have them
tell the other admins for the list what the password is or change the
password and then let the other know (if any).

But I could be wrong.  We don't have 2+k lists so having the Site Admin
change a list admin password is not a problem.  Then again, since we
started using Mailman, that has happened maybe three or four times.  The
student government moderates their own list for the undergraduate
student population and sometimes they forget to let the incoming
government people know the moderator password.

Chris
>
>> -Original Message-
>> From: mailman-users-bounces+gmayes=uoregon@python.org
>> [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
>> Behalf Of C Nulk
>> Sent: Friday, January 20, 2012 9:39 AM
>> To: mailman-users@python.org
>> Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
>> of Sympa (from Majordomo)
>>
>> On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
>>> On 1/20/2012 1:05 AM, Mailman Admin wrote:
 On 2012-01-19 19:32, Geoff Mayes wrote:
> Does anyone know a way around the emailed passwords issue in
> Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's
>> release?
 You can stop the cronjob used to email reminders.
 With this you don't email them to the users, but they will still be
 saved in clear text in Mailman.
>>> You can also easily change the code to leave it out of the reminder.
>> Or simplest of all, use the option on the General Settings page (under
>> Notifications) and turn off the monthly reminders.
>>
>> Chris
>>
>>
>> --
>> Mailman-Users mailing list Mailman-Users@python.org
>> http://mail.python.org/mailman/listinfo/mailman-users
>> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy:
>> http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-
>> archive.com/mailman-users%40python.org/
>> Unsubscribe: http://mail.python.org/mailman/options/mailman-
>> users/gmayes%40uoregon.edu
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] slow "out" queue

2012-01-20 Thread Mark Sapiro 
Anil Jangity wrote:

>We just moved a very old mailman infrastructure mailman to Solaris and 
>sendmail.
>It seems, when a message is posted, the "out" directory doesn't seem to clear 
>out fast enough. 
>
>   1K   archive
>   1K   bounces
>   1K   commands
>   1K   in
>   1K   news
> 403K   out
>   1K   retry
>   1K   shunt
>   1K   virgin
>
>The size just stays like that forever and slowly decrements. When I look in 
>/var/log/syslog (mail log of sendmail), I see deliveries going through.


Look at Mailman's 'smtp' log. You undoubtedly have a huge backlog in
the out queue because you aren't processing outgoing SMTP fast enough
to keep up with demand. In the smtp log you will see entries like

Jan 20 09:41:14 2012 (17283)  smtp to listname for 223
recips, completed in 3.500 seconds

You will observe that each entry's timestamp is equal to that of the
previous entry plus this entry's 'completed in' time indicating no
delay between messages. Each entry represents processing of one out/
queue entry. You will probably also note that the processing rate is
much less than the 64 recipients/second in the above message which is
from a full VERP installation.


>I do a 'truss' of the OutgoingRunner python process and I see:
>
>% truss -p 11997
>recv(10, 0x00748454, 8192, 0)   (sleeping...)
>...
>% 
>
>
>What is it waiting for?


Most likely an SMTP reply from sendmail. See the FAQ's at
 and . This
is almost certainly a case of sendmail not keeping up with Mailman's
demand and if so, will require sendmail tuning to fix.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Geoff Mayes 
Thank you everyone for your help and sharing all of this information.  I found 
it very useful and further proof of the active and supportive Mailman community.

It sounds like, to summarize, the Mailman2 branch can lock down its passwords 
by:
1. disabling cron password reminders
2. increasing the warning in the UI about not using valuable passwords

Mailman2 cannot change the following, however, without code changes:
a. storing passwords unencrypted
b. sending password reminder emails to list subscribers who request a reminder 
via the UI (is that right?).

I'm not worried about (a), just trying to be thorough.

Question:
Can list admins request a password reminder email via the UI?  In the UI I see 
that subscribers can but it doesn't look like list admins can.  If that is true 
and a list admin/owner loses their password, does the Mailman site 
administrator have to fetch it for them?  I'm thinking about the extra work 
(however small, as others have pointed out that admins rarely change their 
settings) this will put on our mailman administrator if there are 2k+ lists.

Thanks to all for your prompt and wonderful responses, Geoff Mayes

> -Original Message-
> From: mailman-users-bounces+gmayes=uoregon@python.org
> [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
> Behalf Of C Nulk
> Sent: Friday, January 20, 2012 9:39 AM
> To: mailman-users@python.org
> Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
> of Sympa (from Majordomo)
> 
> On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
> > On 1/20/2012 1:05 AM, Mailman Admin wrote:
> >> On 2012-01-19 19:32, Geoff Mayes wrote:
> >>> Does anyone know a way around the emailed passwords issue in
> >>> Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's
> release?
> >>>
> >> You can stop the cronjob used to email reminders.
> >> With this you don't email them to the users, but they will still be
> >> saved in clear text in Mailman.
> >
> > You can also easily change the code to leave it out of the reminder.
> 
> Or simplest of all, use the option on the General Settings page (under
> Notifications) and turn off the monthly reminders.
> 
> Chris
> 
> 
> --
> Mailman-Users mailing list Mailman-Users@python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy:
> http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-
> archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-
> users/gmayes%40uoregon.edu
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread C Nulk 
On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
> On 1/20/2012 1:05 AM, Mailman Admin wrote:
>> On 2012-01-19 19:32, Geoff Mayes wrote:
>>> Does anyone know a way around the emailed passwords issue in Mailman,
>>> clever hacks, certain plugins, or a timeline for Mailman 3's release?
>>>
>> You can stop the cronjob used to email reminders.
>> With this you don't email them to the users, but they will still be
>> saved in clear text in Mailman.
>
> You can also easily change the code to leave it out of the reminder.

Or simplest of all, use the option on the General Settings page (under
Notifications) and turn off the monthly reminders.

Chris


--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Carl Zwanzig 

On 1/20/2012 1:05 AM, Mailman Admin wrote:

On 2012-01-19 19:32, Geoff Mayes wrote:

Does anyone know a way around the emailed passwords issue in Mailman,
clever hacks, certain plugins, or a timeline for Mailman 3's release?


You can stop the cronjob used to email reminders.
With this you don't email them to the users, but they will still be
saved in clear text in Mailman.


You can also easily change the code to leave it out of the reminder.

z!
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Adam McGreggor 
On Fri, Jan 20, 2012 at 10:05:20AM +0100, Mailman Admin wrote:
> On 2012-01-19 19:32, Geoff Mayes wrote:
> > 
> > I hope a general question about Mailman's features and future
> > direction (along with some Sympa comparisons) are appropriate for
> > this list.
> > 
> > The University of Oregon is migrating away from Majordomo. 

Hurrah! ;o)

> > We
> > decided on Sympa because Mailman sends passwords over email
> <... >
> > Does anyone know a way around the emailed passwords issue in Mailman,
> > clever hacks, certain plugins, or a timeline for Mailman 3's release?
> > 
> You can stop the cronjob used to email reminders.

+1

> With this you don't email them to the users, but they will still be
> saved in clear text in Mailman.

Another way could be to make the 'don't use a valuable password' text
more prominent, or enforce some password complexity test.

There is the LDAP extension, YMMV.

> > I've written a number of Django apps using my own LDAP module, so I
> > was also wondering if folks think now is a mature-enough time to
> > perhaps grab Mailman 3, its Django front-end, and hack together what
> > I'm after?
> > A final, random question: Mailman 3 is still in alpha, but is it
> > stable given that it's almost been in alpha for 4 years?

http://mail.python.org/pipermail/mailman-announce/2011-September/000164.html
seems to be the latest update. IIRC, Barry's not on -users, but does
post on -developers.

(There was an update, but I can't quickly find it)

I could be wrong on that, though/


-- 
"I try not to get drunk at lunchtime any earlier in the week than
 Thursday."
-- Giles Coren
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] E-Mail Interface Documentation

2012-01-20 Thread Mailman Admin 
Hello Sascha Rissel


On 2012-01-20 09:04, Sascha Rissel wrote:
> 
> is there a documentation of the email interface available somewhere?
> I found: http://www.list.org/mailman-member/node10.html
> but that page seems to be offline.

You can send an email to any list with activated processing of email
commands, in order to get the command syntax.

Just send an email with subject "help" (without quotes) to
somelist-requ...@yourdomain.org

As an example mailman-users-requ...@python.org should work.


Kind regards,
Christian Mack
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Mailman Admin 
On 2012-01-19 19:32, Geoff Mayes wrote:
> 
> I hope a general question about Mailman's features and future
> direction (along with some Sympa comparisons) are appropriate for
> this list.
> 
> The University of Oregon is migrating away from Majordomo.  We
> decided on Sympa because Mailman sends passwords over email
<... >
> Does anyone know a way around the emailed passwords issue in Mailman,
> clever hacks, certain plugins, or a timeline for Mailman 3's release?
> 
You can stop the cronjob used to email reminders.
With this you don't email them to the users, but they will still be
saved in clear text in Mailman.

> I've written a number of Django apps using my own LDAP module, so I
> was also wondering if folks think now is a mature-enough time to
> perhaps grab Mailman 3, its Django front-end, and hack together what
> I'm after?
> A final, random question: Mailman 3 is still in alpha, but is it
> stable given that it's almost been in alpha for 4 years?
> 

Didn't test it yet, so no comment from me.


Kind regards,
Christian Mack
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] E-Mail Interface Documentation

2012-01-20 Thread Sascha Rissel 
Hello there,

is there a documentation of the email interface available somewhere?
I found: http://www.list.org/mailman-member/node10.html
but that page seems to be offline.

Regards,
Sascha.
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org