On Mar 23, 2009, at 10:55 AM, Patrick Ben Koetter wrote:

Yes. It keeps everything in one place. I would have to work around the
freemind mindmap flash fancy stuff though, which I've just fallen in
love with. But let's not let this get in the way.

How do we do it? Do I get write access to Mailman wiki?

You should have write access just by virtue of having an account on
the wiki. There are only a few pages that aren't generally writable
by every logged in user. If you're having a problem with a specific
page, let me know.

We've thought about different client technologies too. That's the
client technology part I wrote about in the wiki.

What we didn't discuss was fully authenticated access for the REST
server by design. If I understand this correctly then any party that is
able to communicate with the REST server will have full admin access to
Mailman's data model. In other words: It's upon any REST client to
protect the REST server from abuse.

That's basically correct.

I feel a little uneasy not having the server control that itself unless
we find a good way to control who may connect to the server or the
server is able to identify valid clients by some client identity (ACL).

It depends on whether we view the REST API as a user feature or an
admin interface. I've always thought about it as the latter, but I'm
open to other opinions. OTOH, I think there's a lot of functionality
that a privileged process could need, that the general public won't
need at all. Another way to think about it is that there doesn't need
to be just one REST API.

What this means though is that when you deploy Mailman's REST
interface, you must take care to protect it. You wouldn't want to
expose it to the internet for example. You'd want to make sure that its
interface is accessible only via your data center, or via localhost if
you were running a turnkey standalone system.

I was thinking of TLS client/server authentication for open networks.
Not that I have spent time yet to find out if Python (REST) tools
provide such functionality - I am sure it does, but given my low Python
experience, I'd rather verify...

I'm not sure about this either.

Barry
Mailman-Developers mailing list
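The controls raised in the message above (loopback-only binding, a server-side client ACL, and TLS client authentication), sketched with the Python standard library as an added example; this is not Mailman code and is not part of the original thread. The names `ALLOWED_NETS`, `AdminHandler`, `mutual_tls_context` and `probe`, and the range 10.20.0.0/16, are assumptions made for illustration.

```python
import http.client
import ipaddress
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
# Assumed policy: loopback plus a constructed data-center range.
ALLOWED_NETS = ("127.0.0.0/8", "10.20.0.0/16")

def client_allowed(addr, nets=ALLOWED_NETS):
    """True if the peer address lies inside one of the allowed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

class AdminHandler(BaseHTTPRequestHandler):
    nets = ALLOWED_NETS
    def do_GET(self):
        # The server checks the ACL itself instead of trusting every client.
        if not client_allowed(self.client_address[0], self.nets):
            self.send_error(403, "client not in ACL")
            return
        body = b'{"lists": []}'  # stand-in for admin data
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def mutual_tls_context(cert, key, client_ca):
    """Server context that refuses clients lacking a cert signed by client_ca."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(cert, key)
    ctx.load_verify_locations(cafile=client_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def probe(nets):
    """Serve on loopback only, send one GET, return the HTTP status."""
    handler = type("Handler", (AdminHandler,), {"nets": nets})
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # never 0.0.0.0
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    finally:
        conn.close()
        srv.shutdown()
        srv.server_close()
```

On an open network the listening socket would be wrapped before serving with `srv.socket = ctx.wrap_socket(srv.socket, server_side=True)`, where `ctx` comes from `mutual_tls_context` and the three PEM paths are supplied by the operator.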