<div dir="ltr">> <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">GNU mailman passwords are explicitly _*NOT*_ secure!</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none">> <br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">> _*DO NOT REUSE MAILING LIST PASSWORDS!*_</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none">><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none">><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">> They ARE stored in plaintext and will be mailed back to you periodically</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;outline:none"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">> on some setups to confirm that you want to remain subscribed.</span><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I didn't know that. Thanks for letting me know. However, I feel it is unfriendly and dangerous for beginners.</span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Sorry for replying to the digest mail. I've strangely received no mail from this mailing list without digests.</span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I'll try to unsubscribe and resubscribe this mailing list.</span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Thanks.</span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-02-28 21:00 GMT+09:00  <span dir="ltr"><<a href="mailto:haskell-request@haskell.org" target="_blank">haskell-request@haskell.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Haskell mailing list submissions to<br>
        <a href="mailto:haskell@haskell.org">haskell@haskell.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a><br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:haskell-request@haskell.org">haskell-request@haskell.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:haskell-owner@haskell.org">haskell-owner@haskell.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Haskell digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Re: Security problem of email registration page (Thomas Jakway)<br>
   2. Re: Security problem of email registration page (Thomas Jakway)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Tue, 27 Feb 2018 08:23:42 -0800<br>
From: Thomas Jakway <<a href="mailto:tjakway@nyu.edu">tjakway@nyu.edu</a>><br>
To: <a href="mailto:haskell@haskell.org">haskell@haskell.org</a><br>
Subject: Re: [Haskell] Security problem of email registration page<br>
Message-ID: <<a href="mailto:7b17a89d-8fb9-634e-ab9b-7839f4d893d9@nyu.edu">7b17a89d-8fb9-634e-ab9b-<wbr>7839f4d893d9@nyu.edu</a>><br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"<br>
<br>
GNU mailman passwords are explicitly _*NOT*_ secure!<br>
<br>
_*DO NOT REUSE MAILING LIST PASSWORDS!*_<br>
<br>
<br>
They ARE stored in plaintext and will be mailed back to you periodically<br>
on some setups to confirm that you want to remain subscribed.<br>
<br>
<br>
On 02/25/2018 12:44 AM, 姓名 wrote:<br>
> Hi there,<br>
><br>
> I become aware of the problem that<br>
> <a href="https://mail.haskell.org/mailman/listinfo/haskell" rel="noreferrer" target="_blank">https://mail.haskell.org/<wbr>mailman/listinfo/haskell</a> send a password to<br>
> <a href="http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/subscribe/haskell</a>. Probably it<br>
> means this page will send a password without encryption. Could you use<br>
> https instead of http, or remove this duplicate page? I had used<br>
> <a href="https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">https://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a> instead.<br>
><br>
><br>
> ______________________________<wbr>_________________<br>
> Haskell mailing list<br>
> <a href="mailto:Haskell@haskell.org">Haskell@haskell.org</a><br>
> <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mail.haskell.org/pipermail/haskell/attachments/20180227/a6e0ab4f/attachment-0001.html" rel="noreferrer" target="_blank">http://mail.haskell.org/<wbr>pipermail/haskell/attachments/<wbr>20180227/a6e0ab4f/attachment-<wbr>0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 27 Feb 2018 08:27:39 -0800<br>
From: Thomas Jakway <<a href="mailto:tjakway@nyu.edu">tjakway@nyu.edu</a>><br>
To: <a href="mailto:haskell@haskell.org">haskell@haskell.org</a><br>
Subject: Re: [Haskell] Security problem of email registration page<br>
Message-ID: <<a href="mailto:a5ded8ae-3dcf-ce17-7f0c-120f7e653d17@nyu.edu">a5ded8ae-3dcf-ce17-7f0c-<wbr>120f7e653d17@nyu.edu</a>><br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"<br>
<br>
...it's true that without HTTPS someone could man-in-the-middle you and<br>
get you to join a secret, ILLEGAL haskell mailing list, for NEFARIOUS<br>
purposes.  Some say demons wander those hills, seeking to lure the<br>
unwary to the unhallowed lands of javascript...<br>
<br>
<br>
On 02/27/2018 08:23 AM, Thomas Jakway wrote:<br>
><br>
> GNU mailman passwords are explicitly _*NOT*_ secure!<br>
><br>
> _*DO NOT REUSE MAILING LIST PASSWORDS!*_<br>
><br>
><br>
> They ARE stored in plaintext and will be mailed back to you<br>
> periodically on some setups to confirm that you want to remain subscribed.<br>
><br>
><br>
> On 02/25/2018 12:44 AM, 姓名 wrote:<br>
>> Hi there,<br>
>><br>
>> I become aware of the problem that<br>
>> <a href="https://mail.haskell.org/mailman/listinfo/haskell" rel="noreferrer" target="_blank">https://mail.haskell.org/<wbr>mailman/listinfo/haskell</a> send a password to<br>
>> <a href="http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/subscribe/haskell</a>. Probably<br>
>> it means this page will send a password without encryption. Could you<br>
>> use https instead of http, or remove this duplicate page? I had used<br>
>> <a href="https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">https://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a> instead.<br>
>><br>
>><br>
>> ______________________________<wbr>_________________<br>
>> Haskell mailing list<br>
>> <a href="mailto:Haskell@haskell.org">Haskell@haskell.org</a><br>
>> <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a><br>
><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mail.haskell.org/pipermail/haskell/attachments/20180227/c9fdb691/attachment-0001.html" rel="noreferrer" target="_blank">http://mail.haskell.org/<wbr>pipermail/haskell/attachments/<wbr>20180227/c9fdb691/attachment-<wbr>0001.html</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
______________________________<wbr>_________________<br>
Haskell mailing list<br>
<a href="mailto:Haskell@haskell.org">Haskell@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-<wbr>bin/mailman/listinfo/haskell</a><br>
<br>
<br>
------------------------------<br>
<br>
End of Haskell Digest, Vol 174, Issue 15<br>
******************************<wbr>**********<br>
</blockquote></div><br></div>