[Pkg-mailman-hackers] Bug#343029: mailman: No warning about breaking admin passwords!

Matthew Vernon matthew at debian.org
Mon Dec 12 00:59:50 UTC 2005


Package: mailman
Version: 2.1.5-8
Severity: important

Hi,

Another upgrade issue that's just bitten me.
/usr/lib/mailman/bin/change_pw says:

"Prior to Mailman 2.1, list passwords were kept in crypt'd format -- usually.
Some Python installations didn't have the crypt module available, so they'd
fall back to md5.  Then suddenly the Python installation might grow a crypt
module and all list passwords would be broken.

In Mailman 2.1, all list and site passwords are stored in SHA1 hexdigest
form.  This breaks list passwords for all existing pre-Mailman 2.1 lists, and
since those passwords aren't stored anywhere in plain text, they cannot be
retrieved and updated."

That's all very well and good, but this means that everyone upgrading
from oldstable to stable will have had all their passwords
broken. Without any warning during the upgrade. This time there's
nothing in README.Debian either.

There really should be a warning of this (well, actually, I think
breaking the passwords like that is pretty poor, but nonetheless, not
warning the admin you're doing so is bad).

Thanks,

Matthew


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mailman depends on:
ii  apache [httpd]            1.3.33-6sarge1 versatile, high-performance HTTP s
ii  apache-ssl [httpd]        1.3.33-6sarge1 versatile, high-performance HTTP s
ii  cron                      3.0pl1-86      management of regular background p
ii  debconf                   1.4.30.13      Debian configuration management sy
ii  exim [mail-transport-agen 3.36-16        An MTA (Mail Transport Agent)
ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  logrotate                 3.7-5          Log rotation utility
ii  pwgen                     2.03-1         Automatic Password generation
ii  python                    2.3.5-2        An interactive high-level object-o
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information:
* mailman/site_languages: en
* mailman/used_languages: en
* mailman/create_site_list:
  mailman/queue_files_present:
* mailman/default_server_language: en
* mailman/gate_news: false
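
A pre-upgrade check of the kind this report asks for, as an added example that is not part of the original message or of Mailman's code: it classifies stored list passwords by shape and names the lists whose passwords would stop working once only SHA1 hexdigests are accepted. The function names, the sample values and the assumption that the stored values have already been extracted into a dict are all hypothetical; the exact encoding of the md5 fallback is not given in the quoted text, so anything that is neither a SHA1 hexdigest nor crypt-shaped is simply reported as legacy.

```python
import hashlib
import hmac
import re

# Shapes only: a SHA1 hexdigest is 40 hex characters; traditional crypt(3)
# output is 13 characters from the alphabet ./0-9A-Za-z.
SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify(stored):
    """Return the storage format a stored password value appears to use."""
    if SHA1_HEX.fullmatch(stored):
        return "sha1-hexdigest"
    if DES_CRYPT.fullmatch(stored):
        return "crypt"
    return "other-legacy"  # e.g. the md5 fallback; encoding assumed unknown


def sha1_hexdigest(password):
    """The Mailman 2.1 storage form named in the quoted change_pw text."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def check_password(stored, candidate):
    """Verify a candidate only against SHA1-hexdigest values, in constant time."""
    if classify(stored) != "sha1-hexdigest":
        return False  # legacy value: cannot be verified, must be reset
    return hmac.compare_digest(stored.lower(), sha1_hexdigest(candidate))


def lists_needing_reset(stored_by_list):
    """Names of lists whose stored password is not a SHA1 hexdigest."""
    return sorted(name for name, value in stored_by_list.items()
                  if classify(value) != "sha1-hexdigest")


# Constructed sample data (hypothetical list names and values).
SAMPLE = {
    "announce": sha1_hexdigest("constructed-example-pw"),
    "devel": "abJnggxhB/yWI",  # crypt-shaped string, shape only
    "users": hashlib.md5(b"constructed-example-pw").hexdigest(),  # assumed md5 form
}

if __name__ == "__main__":
    for name in lists_needing_reset(SAMPLE):
        print("WARNING: list %r has a %s password that will break on upgrade; "
              "reset it after upgrading" % (name, classify(SAMPLE[name])))
```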



