[OSM-talk] Mailing list security
Éric Gillet
gill3t.3ric+osm at gmail.com
Sat Nov 25 10:53:05 UTC 2017
2017-11-25 11:12 GMT+01:00 Colin Smale <colin.smale at xs4all.nl>:
> My point is that the email I received contained my password to that
> account, in plain text!
>
> WTF#1: Why is it remembering the cleartext password and not a
> non-reversible hash?
>
> WTF#2: Why is it sending my password around in the email?
>
> My feeling is that this needs fixing, and quick.
>
This is non-ideal, but you were warned during your account creation that
this password is to be considered non-secure :
> You may enter a privacy password below. This provides only mild security,
but should prevent others from messing with your subscription. Do not use a
valuable password as it will occasionally be emailed back to you in
cleartext.
https://lists.openstreetmap.org/listinfo/talk
I don't think that this mailing-list software (mailman
<https://www.gnu.org/software/mailman/index.html>) can work with hashed
passwords.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20171125/c77db31d/attachment.html>
More information about the talk
mailing list