[pass] Mailman page is unencrypted HTTP
Jason A. Donenfeld
Jason at zx2c4.com
Fri Feb 5 20:03:17 CET 2016
I like the suggestion of removing the password field all together.
Nice thinking there.
Others here are right though -- mailman stores your passwords in
cleartext and emails them to you in cleartext.
But of course the general sentiment is worthwhile: I should add TLS to
all zx2c4.com domains as well as passwordstore.org. It'll happen
sooner or later, hopefully sooner, don't worry.
More information about the Password-Store
mailing list