Re: code4lib mailing list

From: Andromeda Yelton <andromeda.yelton_at_nyob>
Date: Thu, 24 Mar 2016 11:58:55 -0400
To: CODE4LIB_at_LISTSERV.ND.EDU

On Thu, Mar 24, 2016 at 10:39 AM, Ranti Junus <ranti.junus_at_gmail.com> wrote:

> Thank you, Eric, for the heads up and your guardianships...
>
> Mailman is easy to administer, but it has a huge caveat: when a user
> requests a password (reminder, etc.), it sends it as an email in plain text.


Yikes!

However, this is no longer true in Mailman 3 (if heavily-developed-alpha is
an okay answer); passwords are sha512-hashed and *maybe* also salted,
though the docs are sparse on that front.

(See, e.g.,
https://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/utilities/passwords.py
,
https://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/config/passlib.cfg
,
https://pythonhosted.org/passlib/lib/passlib.context.html#passlib.context.CryptContext.encrypt
.)

-- 
Andromeda Yelton
Board of Directors, Library & Information Technology Association:
http://www.lita.org
http://andromedayelton.com
@ThatAndromeda <http://twitter.com/ThatAndromeda>
Received on Thu Mar 24 2016 - 11:59:35 EDT