[Mono-list] plaintextoffenders

edward.harvey.mono edward.harvey.mono at clevertrove.com
Wed Jan 2 13:22:56 UTC 2013


> From: edward.harvey.mono
> 
> The *real* real problem here is people who use the same password on
> mailman as they do anywhere else.  Personally, when I subscribe to mailman,
> I accept whatever randomly generated password the system creates, and I
> never look at it and never use it, because it's useless.  If I want to login to
> mailman, I can always click the "I forgot my password" link and have them
> email me a confirmation.  So I don't care who intercepts my random
> password.

Oh - A few years ago, I admin'd a mailman site.  I hacked the python code and removed the ability for users to select their own password.  I remember it was a little more difficult than expected (just cuz the way mailman was (is?) written, the way they're using python isn't great for a webpage; I hope they're moving to django moving forward, something MVC-ish)...  But it wasn't terribly difficult.  None of the users noticed or complained or even commented.



More information about the Mono-list mailing list