On Mon, Oct 7, 2019, at 5:37 PM, Mark Sapiro wrote:
> On 10/6/19 10:11 AM, Abhilash Raj wrote:
> >
> > I am hoping that I can commit the change with the commented out code,
> > unless I am reminded of a use for the passwords in Core's database. Then,
> > it might be a bit more of work trying to figure out another way to improve
> > the speed.
>
>
> I'm not at all sure what's actually implemented, but there is a feature
> for pre-approving a post with an Approved: header with a password. This
> is also supposed to work to approve held posts, but approving/discarding
> held posts by email is broken anyway[1].
>
> Lists have a moderator_password attribute which is an encrypted version
> of a plain text password that can be used for this purpose, but the
> original intent IIRC was that this could be the password of the user
> sending the mail and would be accepted if the user was an owner or
> moderator. As I said, I'm not sure (don't think) this is implemented,
> and a much better approach is to abandon the Approved: header in favor
> of a pgp signature from an owner/moderator.
That's correct, it does seem to be implemented today but using the moderator
password.
I agree that it is better implemented using gpg signatures instead of passwords.
>
> The other possible use for this password is if a user imported by
> import21 wants to authenticate to Django, she might be able to use this
> password. I don't think that's the case now.
I don't think we should be doing this, it is better than the migration allows
for a new more secure password than re-using old ones, which have been sent out
over email in past.
It is tricky how multiple-password world get translated to single-password
world, it makes the final password somewhat non-deterministic, depending on
what the last mailing list imported was, which does not sound right anyway.
>
> --
> Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> _______________________________________________
> Mailman-Developers mailing list -- mailman-developers@python.org
> To unsubscribe send an email to mailman-developers-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-developers.python.org/
> Mailman FAQ: https://wiki.list.org/x/AgA3
>
> Security Policy: https://wiki.list.org/x/QIA9
>
--
thanks,
Abhilash Raj (maxking)
_______________________________________________
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3
Security Policy: https://wiki.list.org/x/QIA9