[Mono-list] plaintextoffenders
edward.harvey.mono
edward.harvey.mono at clevertrove.com
Wed Jan 2 13:22:56 UTC 2013
> From: edward.harvey.mono
>
> The *real* real problem here is people who use the same password on
> mailman as they do anywhere else. Personally, when I subscribe to mailman,
> I accept whatever randomly generated password the system creates, and I
> never look at it and never use it, because it's useless. If I want to login to
> mailman, I can always click the "I forgot my password" link and have them
> email me a confirmation. So I don't care who intercepts my random
> password.
Oh - A few years ago, I admin'd a mailman site. I hacked the python code and removed the ability for users to select their own password. I remember it was a little more difficult than expected (just cuz the way mailman was (is?) written, the way they're using python isn't great for a webpage; I hope they're moving to django moving forward, something MVC-ish)... But it wasn't terribly difficult. None of the users noticed or complained or even commented.
More information about the Mono-list
mailing list