[Pkg-mailman-hackers] Bug#916101: mailman3: uses a hard-coded and mismatched api_key in mailman-hyperkitty.cfg
Sampo Sorsa
sorsasampo at protonmail.com
Mon Dec 10 08:12:21 GMT 2018
Source: mailman3
Dear Maintainer,
mailman-hyperkitty.cfg [1] contains:
api_key: SecretArchiverAPIKey
mailman3-web postinst however, checks for this api_key and generates a random one if it has not been changed [2]. This means the default setup for hyperkitty contains mismatched api key, and will not work.
mailman3 should generate api_key when writing /etc/mailman3/mailman-hyperkitty.cfg. Then the logic for randomizing the password could be removed from mailman3-web.
[1]: https://salsa.debian.org/mailman-team/mailman-hyperkitty/blob/master/mailman-hyperkitty.cfg
[2]: https://salsa.debian.org/mailman-team/mailman-suite/blob/master/debian/mailman3-web.postinst#L114-125
More information about the Pkg-mailman-hackers
mailing list