[Mailman-Developers] Thanks for sprinting at Pycon 2012!
I'll be blogging in more detail about the Pycon 2012 Mailman sprint once I've recovered from my sleep deprived jetlagged fog, but I just wanted to send a quick note of thanks to all the folks who attended: Andrea Crotti Florian Fuchs Toshio Kuratomi Daniel Mizyrycki Terri Oda Mark Sapiro Stephen Turnbull We made some *incredible* progress on the Mailman 3 core and web-ui. I saw demos of the latter that look fantastic. It was a pleasure to hang out and hack with you guys for a few days. Thanks also to Máirín Duffy who joined us on mumble to share with us 16 of her 32 very cool brainstorms on Mailman's web ui. Special thanks to Larry Hastings for helping us find some nice eats, even if I was an anti-social stick-in-the-mud after the Greek and Thai places. That's what Tamari sauce will do to you. :) Alpha releases of the web ui and a beta of the core will be coming next week once we're all recovered. Stay tuned. Cheers, -Barry P.S. I may even have a few pictures to post later too. signature.asc Description: PGP signature ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Killing off Pipermail and the effects on scrubbing in Mailman 3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/15/2012 10:41 PM, Barry Warsaw wrote: We can still scrub messages of unwanted content type, but we can't save those parts on the file system and calculate a URL into Pipermail to display them. There are two things going on. There is content filtering, i.e., removal from the message of parts with unwanted MIME types or filename extensions. These parts are simply removed by pipeline/mime_delete.py (which probably needs some changes ported from 2.1, aargh...). Then there is what pipeline/scrubber.py does with the remaining message which is remove those message parts which can't be rendered well in a flat, text/plain message and store them aside and replace them by links in the message. The part we can't do in MM 3 is calculate a URL to display/download them. I can think of a few ways to handle this. The easiest thing to do, and what I will probably do in my 'death-to-pipermail' branch is to simply scrub out the unwanted parts *after* a copy of the message is sent to the archive queue, but *before* the message is sent to the digest, usenet, and outgoing queues. I'm not sure about the *before* with respect to usenet and digest and certainly outgoing. Currently in 2.1, we don't scrub (as opposed to content filter) non-digest deliveries unless scrub_nondigest is Yes. We maybe should just drop that option. We also don't scrub messages for the MIME digest. I also don't think we scrub messages destined for usenet. I think we let usenet worry about that in the same way we propose to let whatever archiver is configured worry about it. I don't see a need to handle these differently in MM 3. [...] For now, I'm going to try to implement sending an unscrubbed copy of the message to the archivers and just throwing up our hands for the copy of the message sent to the list members. The nice side-effect of this is that it makes the scrubber *way* simpler! Perhaps we could keep the scrubber as is except for modifying it to not store scrubbed parts and put some kind of apology in the message rather than the link to the no longer stored content. Then my lp:~msapiro/mailman/scrubber-fix branch would still be relevant ;) - -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD4DBQFPY3QuVVuXXpU7hpMRAkN2AKCVzhwvBUITlLVgDMwg+V+da0cyJACXed7Q jAvaD7jeN2/4armc/nIxBw== =MsB3 -END PGP SIGNATURE- ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] Thoughts on processing for pre-approved messages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've had several thoughts on what is now (in MM 3) done by rules/approved.py. There is a moderator_password list attribute which can be used in a (X-)Approve(d): header or first body line pseudo-header to pre-approve a list post. I've gone around a bit on this and I've concluded this is analogous to the list poster password I implemented for 2.1. Presumably we don't want to allow this password to be used to authenticate to the web ui. We may want to allow it for authentication for certain email commands. I'm not sure about that one. My basic thought is we know who allegedly sent the post (maybe we have a few places to check - the poster might legitimately spoof the From:), so we can find a user who owns that address, see if the user has a moderator or admin role for this list, and validate the header password against that user's password. We *don't* want to do this because the user doesn't want to send her own personal password in a plain text email header. So we use this relatively easily changed and not very capable moderator_password instead. So far, so good. Now I see some issues with what rules/approved.py does. It checks for the header and validates the password. This is good. It also removes any header or body lines containing the pseudo-header from the message. Architecturally, this latter operation belongs in the pipeline, not in a chain rule. This seems to say we need both a rules module and a pipeline module (or maybe the existing pipeline/cleanse.py) to do this, and in the interest of DRY, we really need a mlist.check_approved(msg, clean=True|False) method to do the heavy lifting. Unfortunately, this adds complexity and potential for security lapses if the rule hits but the pipeline doesn't remove the authentication. Thoughts? - -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFPY3sxVVuXXpU7hpMRAodWAKCCcHOzCm3n7Ik9VUVapsUAHTvONwCghcoN qbND9+Opjm2D+Lb5PTqxIpg= =4wV2 -END PGP SIGNATURE- ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] programming languages
I just noticed that on the launchpad page the programming languages appears: Programming Languages: Python, C but I don't see any trace of C... Cheers, Andrea ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] bugs on launchpad
Hi everyone, I filed in two bugs today: https://bugs.launchpad.net/mailman/+bug/956889 https://bugs.launchpad.net/mailman/+bug/956384 because I thought we could have a discussion there about these topics. But now I was wondering if it is a good idea, is it maybe better to write on the mailing list for these kind of things?? PS. ironically today they asked me for the first time in my life to check why Mailman was not working on a Linux server. The problem was that /var was full, but well knowing more about Mailman certainly helped :D ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] programming languages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/16/2012 1:27 PM, Andrea Crotti wrote: I just noticed that on the launchpad page the programming languages appears: Programming Languages: Python, C but I don't see any trace of C... Compiled C wrappers are used in Mailman 2.1 to ensure that unauthorized local server users can't run the web UI and mail posting scripts. For more information on how this works, see http://wiki.list.org/x/tYA9. When Mailman 3 reaches general release, we can deprecate Mailman 2.1 and remove the note about C. - -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFPY8yVVVuXXpU7hpMRAr9tAKCsuV9YucmY1QQRipIVD5RlSsyrkwCglvTg bwVCt9jqmcUSZ+QeKWG/Uxs= =03Br -END PGP SIGNATURE- ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9