it's mailman time again

Rich Kulawiec rsk at gsp.org
Sat Sep 2 07:57:58 UTC 2023


On Fri, Sep 01, 2023 at 10:16:05AM -0700, Randy Bush wrote:
> and i just have to wonder about sending passwords over the net in
> cleartext in 2023.  really?

This is a non-issue.

Given that pretty much every SMTP connection is encrypted and that
the worst thing that an attacker in possession of one of your Mailman
passwords can do is unsubscribe you (in which case you and the list
manager will be notified, and you can solve the problem quite rapidly),
no, this isn't a problem that anyone needs to worry about.

I've run (and am running) a lot of mailing lists with Mailman including
some large-ish ones for what's now approaching 20 years.  The scenario
above has never happened.  Nobody's even tried, which isn't surprising
given that such an attack is increasingly difficult and yields little,
if any, benefit to the attacker.  Moreover, any hypothetical attacker
possessing the resources and expertise required to pull this off could
certainly find far more effective things to do.

---rsk



More information about the NANOG mailing list