On 6 November 2012 08:34, Kévin Raymond <shaiton@xxxxxxxxxxxxxxxxx> wrote: > Le lundi 05 nov. 2012 à 22:04:07 (+0000), Engle, Perry a écrit : >> Hello - It's been happening for a while, but it's really (really) time to end storing clear text passwords in the database. It's *LONG* past time to send them in email to your users. >> >> If you'd like proof, go to >> >> http://plaintextoffenders.com/submit >> And >> http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/ >> >> Of all places, Fedora and Red Hat should be leading this charge. > > Hi, > > I suppose you refer to the Mailman monthly reminder? > I agree, we can ask all the mailing lists admin to disable this "feature". Originally the passwords were set up in the default way but this spring I changed many of the users passwords to the randomly chosen method (16 character random string). I removed all ways for the user to change the password so the only way for them to know what the password is via a reminder. I looked at that time on either hashing the passwords in mailman or some other method, and it was non-trivial. I am waiting for the hyperkitty implementation for a real fix. -- Stephen J Smoogen. "Don't derail a useful feature for the 99% because you're not in it." Linus Torvalds "Years ago my mother used to say to me,... Elwood, you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd -- websites mailing list websites@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/websites
