Jan Jancar writes:

 >    b) Added complexity, maintenance cost to Mailman's infrastructure.
 >       This can be mitigated by implementing encrypted mailing lists
 > either as a plugin as was proposed here before,

In one sense, a plugin is the ONLY way this feature can be reasonably
implemented in Mailman 3, as all the relevant work will be done in
Rules and Handlers.

However, as Mailman core tends to provide information to companion
applications (Postorius, HyperKitty) without much concern for
authorization, there may be issues that require either invasive
changes or can only be addressed in current Mailman 3 architecture by
host security.  The latter is the current answer to all questions of
security, in fact.

This will indeed be an ongoing security concern in maintenance, unless
the information that needs to be secured is by design carefully
partitioned away from "low security" operations used by Postorius,
HyperKitty, and the REST interface generally.

Steve
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to