[aur-general] Password sent every month ?
Florian Bruhin
me at the-compiler.org
Sat Jun 13 18:25:03 UTC 2015
* Félix Piédallu <felix at piedallu.me> [2015-06-13 19:42:55 +0200]:
> Hi there !
> Just new here.
> And I've been informed that "Normally, Mailman will remind you of your
> archlinux.org mailing list passwords once every month".
> Does it mean the passwords are saved somewhere ?!
> That means that my password is sent periodically. That's not the only
> account for which I use this password.
> That is a HUGE security breach. Please, change that system.
Yes, Mailman stores password in plain-text in the current version. I
think this was changed in Mailman 3, but that's rather new and
radically different.
But it's really something common. The sign up page even says this (in
bold!):
Do not use a valuable password as it will occasionally be emailed
back to you in cleartext.
As others pointed out already, using different passwords is a really
good idea anyways. Many more pages store passwords in plaintext (they
are just less honest about it) unfortunately.
Florian
--
http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
I love long mails! | http://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150613/3dbae182/attachment.asc>
More information about the aur-general
mailing list