[GTALUG] SSL Certs
Blaise Alleyne
email+libre at blaise.ca
Wed Mar 25 12:22:33 UTC 2015

On 23/03/15 09:21 PM, Christopher Browne wrote:
> Someone (I don't know whom) wasn't thrilled to have their Mailman
> password sent to our web site via non-SSL, hence non-encrypted
> connection.

That... specifically is a bit of a silly concern. Standard GNU Mailman sign up
instructions read:

"""
You may enter a privacy password below. This provides only mild security, but
should prevent others from messing with your subscription. **Do not use a
valuable password** as it will occasionally be emailed back to you in cleartext.
"""

(I believe GNU Mailman also *stores* passwords in plain text.)

There's no reasonable expectation of security with a GNU Mailman password to
begin with.

> Which points to it being desirable to have an SSL cert. [...]
>

Still, SSL seems like a good idea regardless, even if it wouldn't solve any
issue with Mailman.