[aur-general] Password sent every month ?

Florian Bruhin me at the-compiler.org
Sat Jun 13 18:25:03 UTC 2015

* Félix Piédallu <felix at piedallu.me> [2015-06-13 19:42:55 +0200]:
> Hi there !
> Just new here.
> And I've been informed that "Normally, Mailman will remind you of your
> archlinux.org mailing list passwords once every month".
> Does it mean the passwords are saved somewhere ?!
> That means that my password is sent periodically. That's not the only
> account for which I use this password.
> That is a HUGE security breach. Please, change that system.

Yes, Mailman stores password in plain-text in the current version. I
think this was changed in Mailman 3, but that's rather new and
radically different.

But it's really something common. The sign up page even says this (in

     Do not use a valuable password as it will occasionally be emailed
     back to you in cleartext.

As others pointed out already, using different passwords is a really
good idea anyways. Many more pages store passwords in plaintext (they
are just less honest about it) unfortunately.


http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
         I love long mails! | http://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150613/3dbae182/attachment.asc>

More information about the aur-general mailing list