[sf-lug] relocate SF-LUG list from linuxmafia.com (on linuxmafia.com) to lists.sf-lug.org (on BALUG VM)?
rick at linuxmafia.com
Tue May 4 00:52:02 PDT 2021
Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
> So, what say y'all? Should we (uhm, like me - whatever)
> relocate the SF-LUG list from linuxmafia.com (hosted on linuxmafia.com
> operated by Rick Moen)
> to lists.sf-lug.org on BALUG Virtual Machine (VM) (operated by Michael Paoli)?
Be glad to give any assistance wished, if SF-LUG decides to migrate.
(But I'm pretty sure you are already getting very timely updated of
99% of what is required, through prior coordination we've done.)
> DKIM ... it's nasty, e.g. folks using email addresses with strict DKIM
> policies, e.g. like @yahoo.com - that causes significant problems with
FWIW, I know of only three significant mail domains that evince this
problem (at the present time): yahoo.com, aol.com, and me.com .
> [*.]sf-lug.org supports IPv6 & CA signed TLS(/"SSL") cert. But Mailman
> (at least version 2.x) does stupid insecure stuff with passwords, so never
> think that https will suffice to fully protect 'em (2.x stores them in
> clear text or reversibly encrypted form). That may be better with
> Mailman 3.x, but haven't checked/confirmed.
Points about that:
1. People are clearly told in advance when they sign up for a Mailman
list that they should use an unimportant password and that (by defaut)
it will be sent in plaintext over the open Internet.
2. Anyone who objects to Mailman mailing the subscription password
periodically in plaintext can easily switch off password reminders.
3. The downside of a 'stolen' Mailman subscription password is almost
nil. The bad guy can't even unsubscribe you.
Basically, the 'Mailman is Bad and Wrong in sending subscription
passwords out in plaintext" argument is bushwah that requires ignoring
context and significance, and making an ridiculous ideological argument
that is divorced from reality. Frankly, the reason the Mailman
developers are EOLing that feature is probably that they've gotten tired
of hearing utter bullshit objections.
> Though also I believe there are still (longer term?) plans for
> linuxmafia.com to get virtualized onto considerably newer and more
> supportable hardware.
That would be best practices.
More information about the sf-lug