[OSM-talk] Mailing list security

Éric Gillet gill3t.3ric+osm at gmail.com
Sat Nov 25 10:53:05 UTC 2017


2017-11-25 11:12 GMT+01:00 Colin Smale <colin.smale at xs4all.nl>:

> My point is that the email I received contained my password to that
> account, in plain text!
>
> WTF#1: Why is it remembering the cleartext password and not a
> non-reversible hash?
>
> WTF#2: Why is it sending my password around in the email?
>
> My feeling is that this needs fixing, and quick.
>
This is non-ideal, but you were warned during your account creation that
this password is to be considered non-secure :

> You may enter a privacy password below. This provides only mild security,
but should prevent others from messing with your subscription. Do not use a
valuable password as it will occasionally be emailed back to you in
cleartext.

https://lists.openstreetmap.org/listinfo/talk

I don't think that this mailing-list software (mailman
<https://www.gnu.org/software/mailman/index.html>) can work with hashed
passwords.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20171125/c77db31d/attachment.html>


More information about the talk mailing list