Clear text passwords
Kévin Raymond
shaiton at fedoraproject.org
Tue Nov 6 15:34:50 UTC 2012
Le lundi 05 nov. 2012 à 22:04:07 (+0000), Engle, Perry a écrit :
> Hello - It's been happening for a while, but it's really (really) time to end storing clear text passwords in the database. It's *LONG* past time to send them in email to your users.
>
> If you'd like proof, go to
>
> http://plaintextoffenders.com/submit
> And
> http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/
>
> Of all places, Fedora and Red Hat should be leading this charge.
Hi,
I suppose you refer to the Mailman monthly reminder?
I agree, we can ask all the mailing lists admin to disable this "feature".
Just asked to our infra team[1].
Please note that only few lists are really maintained by US, the Fedora Project.
Others are maintained by some community groups. If we don't DO this, we could of
course ask them to take action. Will see with the infrastructure group.
In the Fedora Project, we don't store any plain text passwords, so if you think
about something else, please explain better.
Many thanks,
[1] https://fedorahosted.org/fedora-infrastructure/ticket/3553
--
Kévin Raymond
(Shaiton)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/websites/attachments/20121106/d9cf8734/attachment.sig>
More information about the websites
mailing list