Well, got the password fine, works fine on the talk and admin lists but ... alas, not on the announce list. If you still have a "logged in" (cookie authorized) web session on the announce list, might want to try that first, and see if you can set password to what we're expecting it to be. If not [8-O] your guess is probably better than mine - I tried the new one several times, the old one, some slight variations of the new one, but none worked for me on the announce list.
Anyway, let me know if you're able to get that to what we expect it to be on the announce list - and verified working as expected ... does work fine on the other two - thanks! :-) And, yes, now have the rosters freshly backed up for 2 of the 3 lists.
From: "Rick Moen" rick@linuxmafia.com
Subject: Re: [BALUG-Admin] (forw) Your new balug-admin-balug.org list password
Date: Wed, 29 Mar 2017 11:59:07 -0700
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
Rick,
Might be a bit late/early for calling now 8-O But maybe I didn't miss the mark by *too* much ;-)
No worries!
Rick, if you wish, you could alternatively drop the password in this file:
$ hostname; ls -ld ~/.auth.info
linuxmafia.com
-rw------- 1 mpaoli mpaoli 0 Mar 29 04:05 /home/mpaoli/.auth.info
$
Done! Good idea.
IMO, Mailman listadmin passwords are a medium-security scenario -- on the low side of medium. Because by default a stolen listadmin password can do some mischief but not a lot of harm and such harm can be easily fixed and the person in question locked out again.
By default, Mailman variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set 'no' in mm_cfg.py. Unless that has been locally changed to 'yes' by the local site administrator, listadmins cannot summarily delete mailing lists from the Web, only using $MAILMAN_HOME/bin/rmlist at the command line.
Short of that deed, there's only minor annoyances that an intruder with the listadmin password is likely to do -- and those are relatively easy to notice and un-do.
Therefore, IMO, extreme caution about the listadmin password and mind-numbingly complex choice of password is not justified by the downside risk of someone guessing or dictionary-attacking the WebUI credential. (Honestly, nobody dictionary-attacks that, because it's not worth the trouble and immense amounts of time required.)
And my first order of business with that will be to get fresh copies of the roster lists!
Tools to script this from the Web side: https://wiki.list.org/DOC/How%20do%20I%20extract%20%28export%29%20a%20list%2...
And thanks too to Michael Hubbard for getting the password reset and carrying BALUG on his DreamHost.com account.
Any chance Michael should be the third possessor of the listadmin password? It's a small thing, but I think two possessors is a little thin in much the same way that two authoritative nameservers for a domain is a little SPoF-leaning.
BALUG-Admin mailing list BALUG-Admin@lists.balug.org http://lists.balug.org/listinfo.cgi/balug-admin-balug.org
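
Added example, not part of the thread and not Mailman's own code: a small audit that reads a Mailman 2.1 mm_cfg.py and reports whether OWNERS_CAN_DELETE_THEIR_OWN_LISTS has been switched on locally, which is the one setting the message above names as raising the stakes of a stolen listadmin password. The sample file contents and the function names are constructed for illustration.

```python
import ast

# Constructed sample of a site's mm_cfg.py (not taken from the thread).
SAMPLE_MM_CFG = '''\
from Defaults import *
DEFAULT_URL_HOST = 'lists.example.org'
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = No
# a later line wins, exactly as when Python imports the module
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = Yes
'''

SETTING = "OWNERS_CAN_DELETE_THEIR_OWN_LISTS"
# Mailman 2.1's Defaults.py provides Yes/On and No/Off as aliases for true/false.
_NAMES = {"yes": True, "on": True, "no": False, "off": False}


def _truth(node):
    """Map the right-hand side of an assignment to True/False, or None if unclear."""
    if isinstance(node, ast.Name):
        return _NAMES.get(node.id.lower())
    if isinstance(node, ast.Constant) and isinstance(node.value, (bool, int)):
        return bool(node.value)
    return None


def owners_can_delete(cfg_text, default=False):
    """Return (value, line) for the effective setting; line is None when defaulted.

    Only top-level assignments are examined. Raises ValueError when the file
    assigns something this audit cannot evaluate, so it never guesses.
    """
    value, line = default, None
    for node in ast.parse(cfg_text).body:
        if not isinstance(node, ast.Assign):
            continue
        if any(isinstance(t, ast.Name) and t.id == SETTING for t in node.targets):
            truth = _truth(node.value)
            if truth is None:
                raise ValueError("line %d: cannot evaluate %s" % (node.lineno, SETTING))
            value, line = truth, node.lineno
    return value, line


if __name__ == "__main__":
    enabled, where = owners_can_delete(SAMPLE_MM_CFG)
    print("web deletion by listadmins:", "ENABLED" if enabled else "disabled", "line", where)
```

To audit a real installation, pass the text of its mm_cfg.py instead of the sample; a file that does not mention the setting reports the default of disabled.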