On 13 November 2015 at 17:06, Risker <risker.wp(a)gmail.com> wrote:
At the same time, we should keep in mind that the core issue here is that
a few listadmins appear to have used the same password for listadmin
duties as they were using for other accounts. All the password protection
systems in the world are not going to change what happened here, if people
are going to use obviously insecure, shared passwords as personal passwords
as well.
As I understand it, *subscribers* used their regular passwords for mailman,
and mailman stores passwords *unhashed* on the server (!).