[Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)
Larry Stone
lstone19 at stonejongleux.com
Fri Jan 20 22:17:40 CET 2012
On Thu, 19 Jan 2012, Geoff Mayes wrote:
> If Mailman
> provided a way around the passwords in the clear issue, I'm pretty sure
> we'd go with Mailman ...
My personal opinion is Mailman passwords are so insignificant that it
really shouldn't be an issue. On the other hand, I recognize that you may
have direction from above that because it's called a "password", it needs
to be ultra-secure (there are, unfortunately, too many bosses who don't
understand security and don't understand that different types of systems
have different security needs). How much damage could be done if a Mailman
user password was compromised? How much damage could be done if my on-line
banking password was compromised? The answers are very different yet there
are many who want them secured in the same way.

I so rarely use a Mailman password that I don't even try to remember it.
If I need to use it on a Mailman system, I have it send it to me, use it,
then forget it.

If someone wants to mess up my subscription on a Mailman system, well, go
ahead. I have far more important things in life to worry about.

Also, consider how many other times passwords are sent in the clear, just
not in email. A snail mail with a password is also a "password sent in the
clear" yet few seem to have a problem with that. Maybe because I practice
good password management, I am less concerned about an email being snooped
than I am about snail mail theft or privileged access abuses.

I would not worry about Mailman passwords being sent in the clear and
instead, urge users to use good password practices. For Mailman, encourage
them to let Mailman assign a password (and thereby, not reuse a PW).
Because no matter what you do, people will reuse passwords, use the same
password for low and high security needs, use easy-to-guess passwords,
write them down, and other things that just make Mailman's password
concerns the least of your organization's security concerns.

-- Larry Stone
lstone19 at stonejongleux.com