Hi! On Thu, May 23, 2013 at 02:26:46PM -0400, Daniel Kahn Gillmor wrote: > On 05/23/2013 12:06 PM, Abhilash Raj wrote: <snip> > > My doubt is that how do we actually decide what is the best policy for > > us to follow? One person may agree to my point, other may not, third > > may have a different point and so on and so forth. So how do we decide > > upon one point? Voting? > > This is a good question :) > > I think you should propose a reasonable approach for handling all these > various corner cases, and where your approach has some arbitrary cutoffs > (e.g. messages with signatures older than K days will not be accepted > for delivery), you make the arbitrary cutoff tuneable by the list > administrator and choose a sensible default. > > Then you solicit and accept patches from people who have a strong > argument that your implementation isn't aligned with a reasonable policy > they would like to pursue :)
I've just typesetted http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-patch/pgp-smime/audit.pdf and http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-patch/pgp-smime/audit2/audit2.pdf . These document some ideas about threats for a PGP-enhanced mailman implementation. (More documentation is available in http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-patch/pgp-smime .) HTH. <snip> > > I am really thankful for your questions and suggestions. I tried to > > answer them with some thought. Please correct me if I am wrong. > > Thanks, I really appreciate your engagement with these questions. There > are a lot of finicky details to keep track of, and you're coming up to > speed fast on questions that most people haven't thought about at all. > Keep it up! +1 Bye, Joost -- irc:joostvb@{OFTC,freenode} ∙ http://mdcc.cx/ ∙ http://ad1810.com/ _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
