Le lundi 05 nov. 2012 à 22:04:07 (+0000), Engle, Perry a écrit :
Hello - It's been happening for a while, but it's really
(really) time to end storing clear text passwords in the database. It's *LONG* past
time to send them in email to your users.
If you'd like proof, go to
http://plaintextoffenders.com/submit
And
http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offen...
Of all places, Fedora and Red Hat should be leading this charge.
Hi,
I suppose you refer to the Mailman monthly reminder?
I agree, we can ask all the mailing lists admin to disable this "feature".
Just asked to our infra team[1].
Please note that only few lists are really maintained by US, the Fedora Project.
Others are maintained by some community groups. If we don't DO this, we could of
course ask them to take action. Will see with the infrastructure group.
In the Fedora Project, we don't store any plain text passwords, so if you think
about something else, please explain better.
Many thanks,
[
1] https://fedorahosted.org/fedora-infrastructure/ticket/3553
--
Kévin Raymond
(Shaiton)