[sf-lug] Yes, Mailman stores and sends the passwords in the clear: Re: Anyone here had any contact with LinuxChix.org?

Rick Moen rick at linuxmafia.com
Sat Jun 8 11:53:02 PDT 2019


Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):

> GNU Mailman - sure, periodic (e.g. monthly) email to list can
> generally be a good thing (e.g. list hygiene).  But emailing
> passwords - that's generally a bad thing [...]

Except that there's no credible threat model involved.  {sigh}

I wish the Mailman devs would FAQ this already, so people don't keep
having the same stupid discussion over and over.

'Storing passwords in plaintext and e-mailing them in plaintext is bad
because bad things can be done with them.'  Fine, go on, what specific
bad things?

Er,...   Long silence from the person who so suggested without bothering
to think about the threat model.  Because even if the chosen-to-be-weak
(because you didn't ignore the instructions to do so and expect it to be
periodically mailed back to you, right) password somehow gets either
cracked from the server's Python 'pickled' stored files or is
intercepted in transmission across the Internet, the fact is that
Moriarty the Napoleon of Crime can misuse the stolen password to
accomplish little more than diddly-squat.

Maliciously unsubscribe the user?  Actually, no, not even that, because
confirmation via three-way handshake is required.  Actions not requiring
confirmation amount to things like toggling on or off 'vacation' mode or
switching the user between normal and digest reception.

> - it's mostly or entirely a "won't fix" regarding clear text passwords

And above is probably why.

{rolls eyes}

> In any case, sounds like GNU Mailman will *NOT*
> "fix" this in the 2.x series, but probably will in
> the 3.x version series.

Which (judging by the betas) is a Second System Effect monstrosity, if I
ever saw one.  So, no thanks, like the rest of the world so far, I'll
stick with 2.x.
