Bug 231879

Summary: mail/mailman: add OPTION to elide plaintext passwords from monthly reminder messages
Product: Ports & Packages Reporter: Kurt Jaeger <pi>
Component: Individual Port(s)Assignee: Kurt Jaeger <pi>
Status: Closed FIXED    
Severity: Affects Some People CC: pi
Priority: --- Flags: mandree: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch
mandree: maintainer-approval-
patch-v2 none

Description Kurt Jaeger freebsd_committer 2018-10-02 16:05:33 UTC
Created attachment 197717 [details]
patch

Adds an option and sets it to default ON to not include plaintext passwords in mailman. See

https://mail.python.org/pipermail/mailman-users/2016-April/080746.html

for the source of the patch.
Comment 1 Kurt Jaeger freebsd_committer 2018-10-02 16:09:10 UTC
There's a request from users to postmaster@ to not send out the passwords with the monthly list reminder mails. Users can opt out of monthly reminder mails, but if they don't do that, users will get those mails with passwords.

This OPTION and patch changes this site-wide.
Comment 2 Matthias Andree freebsd_committer 2018-10-02 23:58:49 UTC
Comment on attachment 197717 [details]
patch

It's almost there, but I have three minor items:

1. The indentation of the new Python code appears to use TABs, which is what the text description explicitly warns against doing.  Please re-send with the TABs in the .py patch extended.  
While there, 
2. please also reword the _DESC to state "Elide plaintext passwords from monthly reminders." - and 
3. test if the explicit password reminder still mails the password.

Thank you. (If you're on the road, I can handle 1 + 2 as well but can't handle 3 on short notice.)
Comment 3 Matthias Andree freebsd_committer 2018-10-03 00:00:31 UTC
I should also say that I don't have general objections and thank you for digging out the approach and offering an otherwise sound and thorough patch.
Comment 4 Kurt Jaeger freebsd_committer 2018-10-03 10:09:04 UTC
Created attachment 197739 [details]
patch-v2

1+2 done. 3 will need a bit more time, I'll get back to you.
Comment 5 Kurt Jaeger freebsd_committer 2018-10-06 19:46:59 UTC
(In reply to Matthias Andree from comment #2)
tested for 3 on a test installation.

Monthly reminder no longer sends out the password. Individual password
recovery works fine.
Comment 6 Matthias Andree freebsd_committer 2018-10-07 14:38:47 UTC
Comment on attachment 197739 [details]
patch-v2

Thanks. Ever since I've been brought on board I have been wondering whether to make this default to on...
Comment 7 Kurt Jaeger freebsd_committer 2018-11-02 14:17:48 UTC
Committed, thanks!
Comment 8 commit-hook freebsd_committer 2018-11-02 14:18:06 UTC
A commit references this bug:

Author: pi
Date: Fri Nov  2 14:17:36 UTC 2018
New revision: 483810
URL: https://svnweb.freebsd.org/changeset/ports/483810

Log:
  mail/mailman: add OPTION to not send passwords in the monthly mails

  - this option is now on by default

  PR:		231879
  Reported by:	several users
  Approved by:	mandree
  Obtained from:	https://mail.python.org/pipermail/mailman-users/2016-April/080746.html
  MFH:		2018Q4

Changes:
  head/mail/mailman/Makefile
  head/mail/mailman/files/extra-patch-mailpasswds
Comment 9 commit-hook freebsd_committer 2018-11-04 18:43:58 UTC
A commit references this bug:

Author: pi
Date: Sun Nov  4 18:43:24 UTC 2018
New revision: 484121
URL: https://svnweb.freebsd.org/changeset/ports/484121

Log:
  MFH: r483810

  mail/mailman: add OPTION to not send passwords in the monthly mails

  - this option is now on by default

  PR:		231879
  Reported by:	several users
  Approved by:	mandree
  Obtained from:	https://mail.python.org/pipermail/mailman-users/2016-April/080746.html
  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q4/
  branches/2018Q4/mail/mailman/Makefile
  branches/2018Q4/mail/mailman/files/extra-patch-mailpasswds