[Mailman-Developers] Big checkins a'comin'!

[John Morton]

On Wed, 14 Feb 2001 21:57:12 -0500 Barry A. Warsaw <barry@digicool.com> wro=
te:

> Hmm, other than that, there's a few more bounce detectors.  Also, I'm
> ditching the crufty md5/crypt munging of passwords and opting for an
> sha1 hash always.  However, to support backwards compatibility
> (i.e. the list passwords are not kept in plain text), if the sha hash
> of the response doesn't match the challenge, we try crypt as a
> fallback.

Might as well add code to convert the password from the depreciated form
to the current default if one of the fallback methods succeeds, then set
the fallbacks to cascade over crypt, MD5 and plaintext. This way, you can
quitely change to a more trusted hash should your current default
eventually be broken.

John.