Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Brad Roberts braddr at puremagic.com
Fri Apr 11 12:37:42 PDT 2014



On 4/11/14, 3:01 AM, Andrea Fontana wrote:
> On Friday, 11 April 2014 at 07:39:12 UTC, Manu wrote:
>> as your email address and whether you get digests or not.  As a
>> reminder, your membership password is
>>
>>      [My password!!!]    WHAT!!!11!one!
>>
>> If you have any questions or problems, you can contact the list owner
>> at
>>
>>     digitalmars-d-owner at puremagic.com
>
> Funny. Plain text password stored on db. Plain text password sent over smpt. Plain text password in
> the wild: http://goo.gl/JykIcu

Yup, mailman sucks.  But so do all the other list managers out there.  :)  With all the accurate and 
well placed righteous indignation on this thread.. surely someone has the drive to actually fix the 
problem.  I'm reasonably confident that the mailman team would appreciate the manpower to tackle the 
problem. :)

Personally, I use a unique password for each site with pwsafe as the storage manager.  I consider 
list passwords so low value that I really just don't care that the passwords are fundamentally 
crappily managed.  Sharing password between sites, particularly low trust sites, is a major security 
no no.  Don't do it.


More information about the Digitalmars-d mailing list