Hey, I just had an idea for a Mailman (not necessarily 2.1) feature enhancement. Smack me if this isn't reasonable.
See, I just had to get myself off an opt-out spam list that Walgreens put me on, which process involved their system mailing me a randomly computer-generated username and password in cleartext. And it occurred to me that it's bugged me for some time that Mailman sends its monthly password reminders in cleartext. Someone who can sniff your mail or peek at your mail spool can unsubscribe you from mailing lists, or change your subscription options, without your consent.

So, my idea: GPG support for Mailman, which the server operator has a configuration option to disable, and allow registered listmembers to upload a GPG public key. This key could be used in either or both of two ways:

1. Provide an "Encrypt password reminders using GPG" option on the user options configuration page. Mailman should not allow a user who has not uploaded a key to set this option, and if a user does try to set it without first uploading a key, it should display a message explaining that a GPG public key is required in order to enable this option, and explaining to the user how to upload a key. This will prevent persons able to spy on the user's email from obtaining the user's password by that method.

2. Provide an "Accept signed posts only" option, again on the per-user options page. If this option is set by a user, Mailman will accept posts from that user only if signed with the previously-uploaded GPG key. This will enable the user to prevent malicious individuals from forging posts to the list in their name. Once again, Mailman should not allow the option to be set if no key has been uploaded.

Both of these options could optionally be made global across all lists on that server to which that user is subscribed at that address.

I'd offer sample implementations for both of these, except I just maybe if I'm lucky know just about enough Python to be dangerous (i.e., not enough to write code in Python, but enough to break existing code and not understand why what I did broke it).

What do you think? Thoughts, questions, LARTage?

--
.********* Fight Back! It may not be just YOUR life at risk. *********.
: phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
: [EMAIL PROTECTED] : [EMAIL PROTECTED] : [EMAIL PROTECTED] :
: 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) :
: Linux Now! ...Because friends don't let friends use Microsoft. :
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
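
The two checks proposed in the message above, sketched as an added example; it is not part of the original post and not Mailman code. `Member`, `set_option`, `valid_signers` and `accept_post` are hypothetical names, the fingerprints are constructed, and the status text is assumed to be what gpg writes to `--status-fd` while verifying the post.

```python
from dataclasses import dataclass
from typing import Optional

REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

@dataclass
class Member:  # hypothetical record, not Mailman's own data model
    address: str
    key_fpr: Optional[str] = None  # primary-key fingerprint of the uploaded key
    encrypt_reminders: bool = False
    signed_posts_only: bool = False

def set_option(member, name, value, gpg_enabled=True):
    """Enable or disable a GPG option; returns (ok, message for the user)."""
    if name not in ("encrypt_reminders", "signed_posts_only"):
        raise ValueError(name)
    if value and not gpg_enabled:
        return False, "GPG support is disabled on this server."
    if value and not member.key_fpr:
        return False, "A GPG public key is required; upload one first."
    setattr(member, name, value)
    return True, "Option updated."

def valid_signers(status):
    """Primary-key fingerprints of valid signatures in gpg status output.

    Returns an empty set if any signature is bad, expired or revoked
    (a conservative choice made for this example).
    """
    signers = set()
    for line in status.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] in REJECT:
            return set()
        if f[1] == "VALIDSIG" and len(f) >= 3:
            # The 12th field is the primary key's fingerprint (subkey signing).
            signers.add((f[11] if len(f) >= 12 else f[2]).upper())
    return signers

def accept_post(member, status, gpg_enabled=True):
    """Apply 'Accept signed posts only' to one incoming post."""
    if not (gpg_enabled and member.signed_posts_only):
        return True  # option not in force: normal list handling applies
    # A valid signature from some other key must not count for this member.
    return bool(member.key_fpr) and member.key_fpr.upper() in valid_signers(status)

# Constructed sample status lines (not captured from a real gpg run).
SUB, PRIMARY, OTHER = "A" * 40, "B" * 40, "C" * 40
def sample(fpr, primary):
    return f"[GNUPG:] VALIDSIG {fpr} 2003-01-01 1041379200 0 4 0 1 2 00 {primary}\n"
```

The comparison is against the key stored for that member, so a post carrying a valid signature from a different key is still refused.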