-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Those of you who have been watching the commit messages can see I've been making some good progress. I'm actually hoping to have a Mailman 3.0 alpha some time RSN which will almost allow you to run the system from the command line, but without a web u/i.
So one of the things I'm looking at is the MM2.1 concept of an Approved header. If a message comes into a list with an Approved header (or an Approved line at the start of the message body), and that header has a password that matches the list admin or moderator password, the message is pre-approved and short-circuits the posting tests. The concept doesn't translate well in a Mailman 3 world where there is no shared admin or moderator password. Web access will be control via roles and protected by user authentication much like any modern web application. So the question is, what do we do about the Approved header? 1. We can drop the concept altogether. This means there'd be no way to post a message as coming from an approved source, with a bypass of the posting filters. Maybe because few people have MUAs that support adding custom headers, this feature just isn't used much in the real world these days. You'd still have the moderation bit for announce- only lists though. 2. Replace the concept with some other email authentication mechanism, e.g. something more secure like a signature check. The problem with this is that I still don't think message signing is common practice outside our small community of geeks. 3. Allow an owner or moderator to use their own password in the Approved header. I'm not crazy about this because it has to be sent in the clear and if (when?) it gets compromised, their account is compromised, and this includes their administration of the mailing list. 4. Add a new shared password just for this purpose. You'd still have to communicate it to all your moderators, probably via the web page, but at least this password wouldn't have any other purpose so if (when?) it gets compromised, the only asset it protects is approved postings. Bad yes, if a spammer gets it, but easily changed and hopefully fairly limited in the damage it can do. 5. Your suggestion. Comments? I think my preference would be for #1 with future support for #2 and just accepting the fact that message signatures are for power users. Maybe that set is pretty close to the set of people currently using Approved anyway. Cheers, - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFHAwd62YZpQepbvXERAmMiAKCm3EyxA1CWxWyz4zWkzNwIDpCNKQCbBSXz hGqwpKEGmUScNjov68TUdgs= =gUiT -----END PGP SIGNATURE----- _______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
