[Mailman-Developers] Password reminders
Mark Sapiro
mark at msapiro.net
Tue May 1 21:48:34 CEST 2012
Murray S. Kucherawy wrote:
>Do you folks ever get complaints about password reminders sending passwords in the clear?
Yes.
>Is there an open bug about that?
See, e.g., <https://bugs.launchpad.net/mailman/+bug/265179>.
>Once a month I get someone nagging at me that this isn't a secure thing, possibly because it's a security-related mailing list (i.e., picky audience). My only choice in the current version is to turn off the reminders altogether. Perhaps it would be possible to add a switch that just turns off the password part?
How useful would the rest of it be without the password?
You can edit the template for the reminder per
<http://wiki.list.org/x/jYA9>. Its name is cronpass.txt. Besure to see
the note in the FAQ about list and domain specific templates not
working for this template. However, the actual entries with the
passwords are not built from the template so you'd have to also edit
the code in cron/mailpasswds.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Developers
mailing list