I just got another "blender.org mailing list memberships reminder" mail,
and it still contains all passwords in plaintext. If I remember
correctly this was brought up some weeks ago and should be changed?
> Hi Thomas,
> To disable this, as it is a per user configuration choice, log into your
> account and turn off password reminders. You can set this globally for all
> lists, or on a per list basis.
> Bf-committers mailing list
> [hidden email]
> https://lists.blender.org/mailman/listinfo/bf-committers
This will simply stop you from receiving the plain text password. As I have
mentioned several times in private mails, the version of Mailman that we
use is not capable of hashing passwords (at least out of the box, iirc).
The upcoming version 3 was an overhaul which should address this problem.
That said, it is clearly stated when you subscribe to the list that you
should not use an important password as it will be mailed back to you etc.
My advice is to generate a simple unique password, and set your mail
preferences to not email them back to you, as well as to change your
password if this all comes as a surprise to you. Also, to sign your emails
with GPG/GNUPG if you require accountability and are concerned that someone
sniffed your password from your email. But we do send and receive mail via
TLS, when possible, so the odds of the mail being intercepted and sniffed
are relatively low.
I hope this helps! I believe that mailman 3 is finally in the ports tree,
but when we will actually use it, who knows.
I am aware of your concern. Unfortunately, I did not write Mailman :(
AFAIK, there are only 3rd party addons to do such things, but I believe
that the situation comes down to it being a known issue, with the
recommendation being for you to not use important passwords for the
service, and also to disable the feature that mails you a password back, in
case someone else can read your email (we do use SSL transport during
delivery, and require HTTPS for the website).
At some point, Mailman 3 will do away with these, but as of yet I don't
believe it is stable. This software is about as old as the internet, and
unfortunately, it does assume a little too much for the user. To be fair
though, you are warned very clearly about this during the creation of the
Gotta love old legacy systems. Also, gotta love volunteering to maintain
legacy systems. If you would like to sponsor a few thousand dollars to me
to upgrade to mailman 3, perhaps I could put a rush on things, otherwise,