Le lundi 05 nov. 2012 à 22:04:07 (+0000), Engle, Perry a écrit : > Hello - It's been happening for a while, but it's really (really) time to end storing clear text passwords in the database. It's *LONG* past time to send them in email to your users. > > If you'd like proof, go to > > http://plaintextoffenders.com/submit > And > http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/ > > Of all places, Fedora and Red Hat should be leading this charge. Hi, I suppose you refer to the Mailman monthly reminder? I agree, we can ask all the mailing lists admin to disable this "feature". Just asked to our infra team[1]. Please note that only few lists are really maintained by US, the Fedora Project. Others are maintained by some community groups. If we don't DO this, we could of course ask them to take action. Will see with the infrastructure group. In the Fedora Project, we don't store any plain text passwords, so if you think about something else, please explain better. Many thanks, [1] https://fedorahosted.org/fedora-infrastructure/ticket/3553 -- Kévin Raymond (Shaiton)
Attachment:
pgpdr8z9W4bwn.pgp
Description: PGP signature
-- websites mailing list websites@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/websites
