Package: mailman Version: 2.1.5-8 Severity: important Hi,
Another upgrade issue that's just bitten me. /usr/lib/mailman/bin/change_pw says: "Prior to Mailman 2.1, list passwords were kept in crypt'd format -- usually. Some Python installations didn't have the crypt module available, so they'd fall back to md5. Then suddenly the Python installation might grow a crypt module and all list passwords would be broken. In Mailman 2.1, all list and site passwords are stored in SHA1 hexdigest form. This breaks list passwords for all existing pre-Mailman 2.1 lists, and since those passwords aren't stored anywhere in plain text, they cannot be retrieved and updated." That's all very well and good, but this means that everyone upgrading from oldstable to stable will have had all their passwords broken. Without any warning during the upgrade. This time there's nothing in README.Debian either. There really should be warning of this (well, actually, I think breaking the passwords like that is pretty poor, but nonetheless, not warning the admin you're doing so is bad). Thanks, Matthew -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.25 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages mailman depends on: ii apache [httpd] 1.3.33-6sarge1 versatile, high-performance HTTP s ii apache-ssl [httpd] 1.3.33-6sarge1 versatile, high-performance HTTP s ii cron 3.0pl1-86 management of regular background p ii debconf 1.4.30.13 Debian configuration management sy ii exim [mail-transport-agen 3.36-16 An MTA (Mail Transport Agent) ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii logrotate 3.7-5 Log rotation utility ii pwgen 2.03-1 Automatic Password generation ii python 2.3.5-2 An interactive high-level object-o ii ucf 1.17 Update Configuration File: preserv -- debconf information: * mailman/site_languages: en * mailman/used_languages: en * mailman/create_site_list: mailman/queue_files_present: * mailman/default_server_language: en * mailman/gate_news: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
