[aur-general] Password sent every month ?

Sat Jun 13 18:45:21 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Okay :)

I agree with you, but i got a "common pwd" that I use on some websites
where i don't log in frequently (if I forget the pwd, that's the first
I try), so that was convenient. But yeah, i'm gonna change that pwd.
I am still convinced this is a security breach, even if that's not a
very important pwd as you pointed out.
Just imagine a "pirate" that knows that the pwd is sent every month.
He knows he just has to wait some weeks intercepting every sent mail.

Anyway, thanks for the (very quick) answers :)

Félix Piédallu
Président du Club Robotronik Phelma
06 51 41 32 48
Manjaro Linux. Feel the freedom.

On 13/06/2015 20:00, Ben Oliver wrote:
> On 13 Jun 2015 6:52 pm, "G. Schlisio" <g.schlisio at dukun.de> wrote:
>> 
>>> Hi there ! Just new here. And I've been informed that
>>> "Normally, Mailman will remind you of your archlinux.org
>>> mailing list passwords once every month". Does it mean the
>>> passwords are saved somewhere ?! That means that my password is
>>> sent periodically. That's not the only account for which I use
>>> this password. That is a HUGE security breach. Please, change
>>> that system.
>>> 
>>> And by the way, hello there, fellow arch users and devs ;)
>> 
>> hi and welcome aboard arch!
>> 
>> concerning your issue: you probably have heard the advice to use
>> different passwords everywhere? also: the mailinglist password is
>> not that important. it merely controls your subscription, so no
>> sensible data is secured with it, it just prevents random people
>> from fiddling with your subscription. that brings me to my next
>> point: arch uses a software called mailman here, a mailinglist
>> managing tool used widely on the interwebs, reviewed many times. 
>> you can also opt-out of receiving this reminder in your
>> subscription options (protected by this password).
>> 
>> i hope you see that this is not an security issue, but perhaps
>> you want to change you maiman-password.
>> 
> 
> I have to second this. Use a password manager and generate
> different passwords for everything and you don't have to sweat it
> if a password gets leaked (especially something non essential like
> this).
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVfHpBAAoJEMJ1NtNxTzOfoRcQAK/tO2E/fwE4AsXufLC953Gp
FbUxPa9sLU+54wwiPdVpjI4PjGOm71sx4o4bUlvcWptVP2OJV9H7HTQRZb/3P3o0
mz6/GvY/t9M7/5D5LZAfzxP0CSvXoBYkrQETBdaNDPiUuAxYjiraw46qdYJbzXt3
P/ri/TTJ4WE9YEEwh9fpdg7kHB6EJvdDG33GGhRYQIb6MmkmP+rpOR9bUI2vl+EP
DJTf8IvhFUEsvmTgz1ct74yL/ZT2XvWprXI2AvNjgnH6/jmTxREeeh/HPYGFUWj6
j3+SWjTKzTIq7VUn63tC1whel30jJDyBw9IoECN6QQ6ztdzKJY2zRp0prpHsOe0u
yj5QkDRxe79yMuVQTNjuFryTrUA3EnpNbRED23qi+fkBz5GM0s992pnupV0z5qLr
8HlXywvItL2XPZkTecmOoK5S1yY8xu1pd0vc9od1nqJ3u6g8u8a+kEj7DzVnn6py
y4haTcn7lK+FadpRoTnJLZNCHK7BH4s+DDQ/JgV1alunaKaBuDXIdKP8clvZKeUK
LzAOd2IOY2xsI28n/eemXedPFgKpqSd5fj3bH5Y5bplDQ9jOQMHURO93xvF7fcsT
NXaww4FJKKyIslukNY0DIUYrUIrnFpC+2N8YHNMdiv801o6cXKq9uLk9E2JRg4Ed
heWYbkbp2UOAV6X8WaMh
=Ekqk
-----END PGP SIGNATURE-----