On Thu, 8 Jun 2006, Brad Knowles wrote:

> At 4:54 PM +0100 2006-06-08, David Lee wrote:
>
> > To the average non-techie managerial type, what terminology (Authorised?
> > Authenticated? etc.) is preferable?
>
> I think that the authentication thing is a red herring. Stick to
> the original idea and make relatively minimal modifications to the
> code, and let Barry, Tokio, Mark, and others deal with the deeper
> technical and architectural issues that Ian is raising.
>
> > That would, indeed, probably be the ideal. But that would itself mean
> > that all paths by which the Mailman machine might be reached would have to
> > be known to have an enforced mechanism for authenticated SMTP. (And what
> > about (say) "cron" jobs generating email which might legitimately go
> > through lists?)
>
> Which is part of why you shouldn't worry about trying to solve
> this problem. With your original concept, you're not really opening
> any new security holes, and you shouldn't have to worry about trying
> to close those that already exist.
>
> Just make sure that you put in the appropriate cleanup code into
> place to remove the headers in question, as is done today for the
> "Approved:" header.

Thanks, Brad, for this and your previous emails. You have nicely grasped
both sides:

(1) that this piece of string could be very long, and is an issue
primarily for the Mailman development gurus in a global and relatively
long timescale, context;

(2) that my own particular per-sender password proposal is intended to be
a small, self-contained thing, modelled on the existing "Approved:", and
with a very similar set of security issues (positive and negative), in a
local, short timescale, context.

It's giving me the confidence to go ahead on this item, but I hope to keep
in mind compatibility with (anticipation of) possible future developments.

Thanks again.

-- 
:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
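
The cleanup step discussed in this thread, as an added example that is not part of the original message and is not Mailman's own code: a per-sender password header is checked and then removed, together with "Approved:", before the message goes any further. The header name X-Sender-Password, the function names and the sample message are hypothetical, constructed for illustration.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# Hypothetical header name; the thread does not name the per-sender header.
SENDER_PW_HEADER = "X-Sender-Password"
# Headers that carry secrets and must never reach list members or archives.
SECRET_HEADERS = ("Approved", SENDER_PW_HEADER)


def check_and_strip(msg, sender_passwords):
    """Return True if msg carries the right password for its From: address.

    The secret headers are removed in every case, so a wrong or missing
    password never travels downstream either.
    """
    _, addr = parseaddr(msg.get("From", ""))
    expected = sender_passwords.get(addr.lower())
    # get_all() sees duplicate headers; a single get() would miss extras.
    supplied = msg.get_all(SENDER_PW_HEADER, [])
    ok = False
    if expected is not None:
        for value in supplied:
            # Constant-time comparison avoids a timing side channel.
            if hmac.compare_digest(value.strip().encode(), expected.encode()):
                ok = True
    for name in SECRET_HEADERS:
        del msg[name]  # deletes every occurrence; no error if absent
    return ok


# Constructed sample message (not taken from the thread).
SAMPLE = """\
From: Alice <alice@example.org>
To: announce@example.org
Subject: Term dates
X-Sender-Password: wrong-guess
x-sender-password: s3cret-alice
Approved: listadminpw

Body text.
"""


def demo(passwords):
    msg = message_from_string(SAMPLE)
    return check_and_strip(msg, passwords), msg.as_string()


if __name__ == "__main__":
    print(demo({"alice@example.org": "s3cret-alice"}))
```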