<div dir="auto">So, what you're saying, Rick, is let's ignore the fact that it is a bad idea to have clear-text passwords (to which every security person agrees) because, for this specific is case, no one (yet? No one you ever had this discussion with?) Ever came up with an attack vector? <div dir="auto"><br></div><div dir="auto">To your point earlier - I'm sure those dworves at Moria had that discussion, and someone said "I cannot remember a single time, and I cannot rationalize in any way, that a Balrog will come at us if we dig here". If that what you are saying now?</div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Jun 8, 2019, 11:55 Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Michael Paoli (<a href="mailto:Michael.Paoli@cal.berkeley.edu" target="_blank" rel="noreferrer">Michael.Paoli@cal.berkeley.edu</a>):<br>
<br>
> GNU Mailman - sure, periodic (e.g. monthly) email to list can<br>
> generally be a good thing (e.g. list hygiene). But emailing<br>
> passwords - that's generally a bad thing [...]<br>
<br>
Except that there's no credible threat model involved. {sigh}<br>
<br>
I wish the Mailman devs would FAQ this already, so people don't keep<br>
having the same stupid discussion over and over.<br>
<br>
'Storing passwords in plaintext and e-mailing them in plaintext is bad<br>
because bad things can be done with them.' Fine, go on, what specific<br>
bad things?<br>
<br>
Er,... Long silence from the person who so suggested without bothering<br>
to think about the threat model. Because even if the chosen-to-be-weak<br>
(because you didn't ignore the instructions to do so and expect it to be<br>
periodically mailed back to you, right) password somehow gets either<br>
cracked from the server's Python 'pickled' stored files or is<br>
intercepted in transmission across the Internet, the fact is that<br>
Moriarty the Napoleon of Crime can misuse the stolen password to<br>
accomplish little more than diddly-squat.<br>
<br>
Maliciously unsubscribe the user? Actually, no, not even that, because<br>
confirmation via three-way handshake is required. Actions not requiring<br>
confirmation amount to things like toggling on or off 'vacation' mode or <br>
switching the user between normal and digest reception.<br>
<br>
> - it's mostly or entirely a "won't fix" regarding clear text passwords <br>
<br>
And above is probably why.<br>
<br>
{rolls eyes}<br>
<br>
> In any case, sounds like GNU Mailman will *NOT*<br>
> "fix" this in the 2.x series, but probably will in<br>
> the 3.x version series. <br>
<br>
Which (judging by the betas) is a Second System Effect monstrosity, if I<br>
ever saw one. So, no thanks, like the rest of the world so far, I'll<br>
stick with 2.x.<br>
<br>
<br>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank" rel="noreferrer">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer noreferrer" target="_blank">http://www.sf-lug.org/</a> <br>
</blockquote></div>