[Pkg-mailman-hackers] Bug#916101: mailman3: uses a hard-coded and mismatched api_key in mailman-hyperkitty.cfg
Pierre-Elliott Bécue
peb at debian.org
Sat Dec 22 22:37:03 GMT 2018
Le lundi 10 décembre 2018 à 08:12:21+0000, Sampo Sorsa a écrit :
> Source: mailman3
>
> Dear Maintainer,
>
> mailman-hyperkitty.cfg [1] contains:
>
> api_key: SecretArchiverAPIKey
>
> mailman3-web postinst however, checks for this api_key and generates a random one if it has not been changed [2]. This means the default setup for hyperkitty contains mismatched api key, and will not work.
>
> mailman3 should generate api_key when writing /etc/mailman3/mailman-hyperkitty.cfg. Then the logic for randomizing the password could be removed from mailman3-web.
>
> [1]: https://salsa.debian.org/mailman-team/mailman-hyperkitty/blob/master/mailman-hyperkitty.cfg
> [2]: https://salsa.debian.org/mailman-team/mailman-suite/blob/master/debian/mailman3-web.postinst#L114-125
Hi,
Thanks for the report.
I don't consider this as a bug. Obviously it's also the job of a system
administrator to set the appropriate parameters to the appropriate value.
That said, I consider your report as a feature request that should indeed be
implemented.
Yet, I lack some time currently. Could you provide a patch for the package?
I'd be happy to review and take it into account!
Cheers!
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20181222/5461f442/attachment.sig>
More information about the Pkg-mailman-hackers
mailing list