[aur-general] Password sent every month ?
felix at piedallu.me
Sat Jun 13 18:45:21 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
I agree with you, but i got a "common pwd" that I use on some websites
where i don't log in frequently (if I forget the pwd, that's the first
I try), so that was convenient. But yeah, i'm gonna change that pwd.
I am still convinced this is a security breach, even if that's not a
very important pwd as you pointed out.
Just imagine a "pirate" that knows that the pwd is sent every month.
He knows he just has to wait some weeks intercepting every sent mail.
Anyway, thanks for the (very quick) answers :)
Président du Club Robotronik Phelma
06 51 41 32 48
Manjaro Linux. Feel the freedom.
On 13/06/2015 20:00, Ben Oliver wrote:
> On 13 Jun 2015 6:52 pm, "G. Schlisio" <g.schlisio at dukun.de> wrote:
>>> Hi there ! Just new here. And I've been informed that
>>> "Normally, Mailman will remind you of your archlinux.org
>>> mailing list passwords once every month". Does it mean the
>>> passwords are saved somewhere ?! That means that my password is
>>> sent periodically. That's not the only account for which I use
>>> this password. That is a HUGE security breach. Please, change
>>> that system.
>>> And by the way, hello there, fellow arch users and devs ;)
>> hi and welcome aboard arch!
>> concerning your issue: you probably have heard the advice to use
>> different passwords everywhere? also: the mailinglist password is
>> not that important. it merely controls your subscription, so no
>> sensible data is secured with it, it just prevents random people
>> from fiddling with your subscription. that brings me to my next
>> point: arch uses a software called mailman here, a mailinglist
>> managing tool used widely on the interwebs, reviewed many times.
>> you can also opt-out of receiving this reminder in your
>> subscription options (protected by this password).
>> i hope you see that this is not an security issue, but perhaps
>> you want to change you maiman-password.
> I have to second this. Use a password manager and generate
> different passwords for everything and you don't have to sweat it
> if a password gets leaked (especially something non essential like
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the aur-general