Re: Clear text passwords

On 11/05/2012 05:04 PM, Engle, Perry wrote:
> Hello – It’s been happening for a while, but it’s really (really) time
> to end storing clear text passwords in the database.  It’s **LONG** past
> time to send them in email to your users.
> 
> If you’d like proof, go to
> 
> http://plaintextoffenders.com/submit
> 
> And
> 
> http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/
> 
> Of all places, Fedora and Red Hat should be leading this charge.

Hi Perry.

Thanks for your email. We are currently working on an initiative called
"Hyperkitty", which is a rewrite of the Mailman3 Archiver code. Part of
this initiative (a very small part) includes the removal of plain-text
passwords.

For more information about this project, please see:

http://aurelien.bompard.org/post/2012/10/17/Progress-on-HyperKitty

Additionally, back in March, we disabled user password settings as much
as possible in the existing Mailman 2 environments:

http://smoogespace.blogspot.com/2012/04/mailman-passwords-how-fedora-it-is.html

While Mailman still sends a clear-text password back to the user upon
request, it is a throw-away password.

If there are other areas where you believe we are handling passwords
insecurely, please point them out to us.

Thanks again,

Tom Callaway
Fedora Engineering Manager

==
Fedora Project
-- 
websites mailing list
websites@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/websites


