|Summary:||mail/mailman: add OPTION to elide plaintext passwords from monthly reminder messages|
|Product:||Ports & Packages||Reporter:||Kurt Jaeger <pi>|
|Component:||Individual Port(s)||Assignee:||Kurt Jaeger <pi>|
|Severity:||Affects Some People||CC:||pi|
Description Kurt Jaeger 2018-10-02 16:05:33 UTC
Created attachment 197717 [details] patch Adds an option and sets it to default ON to not include plaintext passwords in mailman. See https://mail.python.org/pipermail/mailman-users/2016-April/080746.html for the source of the patch.
Comment 1 Kurt Jaeger 2018-10-02 16:09:10 UTC
There's a request from users to postmaster@ to not send out the passwords with the monthly list reminder mails. Users can opt out of monthly reminder mails, but if they don't do that, users will get those mails with passwords. This OPTION and patch changes this site-wide.
Comment 2 Matthias Andree 2018-10-02 23:58:49 UTC
Comment on attachment 197717 [details] patch It's almost there, but I have three minor items: 1. The indentation of the new Python code appears to use TABs, which is what the text description explicitly warns against doing. Please re-send with the TABs in the .py patch extended. While there, 2. please also reword the _DESC to state "Elide plaintext passwords from monthly reminders." - and 3. test if the explicit password reminder still mails the password. Thank you. (If you're on the road, I can handle 1 + 2 as well but can't handle 3 on short notice.)
Comment 3 Matthias Andree 2018-10-03 00:00:31 UTC
I should also say that I don't have general objections and thank you for digging out the approach and offering an otherwise sound and thorough patch.
Comment 4 Kurt Jaeger 2018-10-03 10:09:04 UTC
Created attachment 197739 [details] patch-v2 1+2 done. 3 will need a bit more time, I'll get back to you.
Comment 5 Kurt Jaeger 2018-10-06 19:46:59 UTC
(In reply to Matthias Andree from comment #2) tested for 3 on a test installation. Monthly reminder no longer sends out the password. Individual password recovery works fine.
Comment 6 Matthias Andree 2018-10-07 14:38:47 UTC
Comment on attachment 197739 [details] patch-v2 Thanks. Ever since I've been brought on board I have been wondering whether to make this default to on...
Comment 7 Kurt Jaeger 2018-11-02 14:17:48 UTC
Comment 8 commit-hook 2018-11-02 14:18:06 UTC
A commit references this bug: Author: pi Date: Fri Nov 2 14:17:36 UTC 2018 New revision: 483810 URL: https://svnweb.freebsd.org/changeset/ports/483810 Log: mail/mailman: add OPTION to not send passwords in the monthly mails - this option is now on by default PR: 231879 Reported by: several users Approved by: mandree Obtained from: https://mail.python.org/pipermail/mailman-users/2016-April/080746.html MFH: 2018Q4 Changes: head/mail/mailman/Makefile head/mail/mailman/files/extra-patch-mailpasswds
Comment 9 commit-hook 2018-11-04 18:43:58 UTC
A commit references this bug: Author: pi Date: Sun Nov 4 18:43:24 UTC 2018 New revision: 484121 URL: https://svnweb.freebsd.org/changeset/ports/484121 Log: MFH: r483810 mail/mailman: add OPTION to not send passwords in the monthly mails - this option is now on by default PR: 231879 Reported by: several users Approved by: mandree Obtained from: https://mail.python.org/pipermail/mailman-users/2016-April/080746.html Approved by: ports-secteam (riggs) Changes: _U branches/2018Q4/ branches/2018Q4/mail/mailman/Makefile branches/2018Q4/mail/mailman/files/extra-patch-mailpasswds