Re: Haskell Digest, Vol 174, Issue 15

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: Haskell Digest, Vol 174, Issue 15

姓名
GNU mailman passwords are explicitly _*NOT*_ secure!

> _*DO NOT REUSE MAILING LIST PASSWORDS!*_
>
>
> They ARE stored in plaintext and will be mailed back to you periodically
> on some setups to confirm that you want to remain subscribed.

I didn't know that. Thanks for letting me know. However, I feel it is unfriendly and dangerous for beginners.

Sorry for replying to the digest mail. I've strangely received no mail from this mailing list without digests.
I'll try to unsubscribe and resubscribe this mailing list.
Thanks.


2018-02-28 21:00 GMT+09:00 <[hidden email]>:
Send Haskell mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Haskell digest..."


Today's Topics:

   1. Re: Security problem of email registration page (Thomas Jakway)
   2. Re: Security problem of email registration page (Thomas Jakway)


----------------------------------------------------------------------

Message: 1
Date: Tue, 27 Feb 2018 08:23:42 -0800
From: Thomas Jakway <[hidden email]>
To: [hidden email]
Subject: Re: [Haskell] Security problem of email registration page
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

GNU mailman passwords are explicitly _*NOT*_ secure!

_*DO NOT REUSE MAILING LIST PASSWORDS!*_


They ARE stored in plaintext and will be mailed back to you periodically
on some setups to confirm that you want to remain subscribed.


On 02/25/2018 12:44 AM, 姓名 wrote:
> Hi there,
>
> I become aware of the problem that
> https://mail.haskell.org/mailman/listinfo/haskell send a password to
> http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably it
> means this page will send a password without encryption. Could you use
> https instead of http, or remove this duplicate page? I had used
> https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.
>
>
> _______________________________________________
> Haskell mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell/attachments/20180227/a6e0ab4f/attachment-0001.html>

------------------------------

Message: 2
Date: Tue, 27 Feb 2018 08:27:39 -0800
From: Thomas Jakway <[hidden email]>
To: [hidden email]
Subject: Re: [Haskell] Security problem of email registration page
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

...it's true that without HTTPS someone could man-in-the-middle you and
get you to join a secret, ILLEGAL haskell mailing list, for NEFARIOUS
purposes.  Some say demons wander those hills, seeking to lure the
unwary to the unhallowed lands of javascript...


On 02/27/2018 08:23 AM, Thomas Jakway wrote:
>
> GNU mailman passwords are explicitly _*NOT*_ secure!
>
> _*DO NOT REUSE MAILING LIST PASSWORDS!*_
>
>
> They ARE stored in plaintext and will be mailed back to you
> periodically on some setups to confirm that you want to remain subscribed.
>
>
> On 02/25/2018 12:44 AM, 姓名 wrote:
>> Hi there,
>>
>> I become aware of the problem that
>> https://mail.haskell.org/mailman/listinfo/haskell send a password to
>> http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably
>> it means this page will send a password without encryption. Could you
>> use https instead of http, or remove this duplicate page? I had used
>> https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.
>>
>>
>> _______________________________________________
>> Haskell mailing list
>> [hidden email]
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell/attachments/20180227/c9fdb691/attachment-0001.html>

------------------------------

Subject: Digest Footer

_______________________________________________
Haskell mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell


------------------------------

End of Haskell Digest, Vol 174, Issue 15
****************************************


_______________________________________________
Haskell mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell