Re: [Mailman-Developers] GSOC Project Idea discussion : Encrypted Lists (sagar kohli)

> sagar kohli wrote: > > Alter getting some idea of how encryption works, and reading about the > architecture of mailman. I would like to share the possible idea that im > thinking of which is as follows: > [snip] The way I understand your plan, it is a bit weaker compared to what is described in

[Mailman-Developers] GSOC Project Idea discussion : Encrypted Lists

Dear Mentors. Alter getting some idea of how encryption works, and reading about the architecture of mailman. I would like to share the possible idea that im thinking of which is as follows: So basically what i was thinking is 1. Every subscriber will share there public key to the mailman server

Re: [Mailman-Developers] GSoC project - Implement module to process ARC headers

> > > I/we need to find out exactly what we need. We may want to do this > through email-test.python.org (no-existent, for example, python.org is > the relevant part, or maybe a private domain of someone's), but we > have to be careful that it doesn't conflict with other uses. email-test.python.

Re: [Mailman-Developers] GSoC project - Implement module to process ARC headers

Aditya Divekar writes: > So should a new conversation be started with Mark for > our request? I/we need to find out exactly what we need. We may want to do this through email-test.python.org (no-existent, for example, python.org is the relevant part, or maybe a private domain of someone's), bu

Re: [Mailman-Developers] GSoC project - Implement module to process ARC headers

On Sat, Jun 18, 2016 at 4:08 PM, Stephen J. Turnbull wrote: > Ah, that's a problem. I don't have control of the DNS yet. We'd need > to interact with Mark. So should a new conversation be started with Mark for our request? > I'll get you on the > arc-interop list, there should be another on

Re: [Mailman-Developers] GSoC project - Implement module to process ARC headers

Aditya Divekar writes: > So if we have a domain name associated with the ip, I'll go ahead > and make the TXT records. Else, we'll have to create a new one. > I'm not aware of any way to avoid this. Let me know if you are > aware of any :) Ah, that's a problem. I don't have control of the DN

Re: [Mailman-Developers] GSoC project - Implement module to process ARC headers

> > > I don't understand what you're worried about. Of course if you change > all the names, especially with some sort of automatic process, there's > a pretty good chance of introducing typos. We fix them as we find > them, that's all. > Yes, I went ahead and made the changes. I have a separate

[Mailman-Developers] GSoC project - Implement module to process ARC headers

Hi! I'm sorry that I haven't responded before, it's been very busy catching up to $DAYJOB since getting back. > Now the next step would be to change the namespace and make it more > general to accommodate the ARC capability. That is the module now > provides the capability for ARC protocol imp

[Mailman-Developers] GSoC project - Implement module to process ARC headers

Hi! It's been sometime since the GSoC coding period started, and I apologize for putting in this mail so late! The GSoC project is divided into two repositories. ARC implementation - https://gitlab.com/adityadivekar/arc refactored dkimpy package - https://gitlab.com/adityadivekar/sign-message Th

[Mailman-Developers] GSoc Project : Doubt regarding listarchiverset

Hi I am have built an interface(IArchiver) as part of my gsoc project,which is supposed to work on the basis of message queues. I am intending to use the same interface for multiple archives, using separate queues for each archive in this system. So for this I am registering different archivers(say

Re: [Mailman-Developers] GSoC Project: pgp plugin

Jonas writes: > I would release the proposal on the project blog > cryptolists.github.io after the proposal deadline has passed. Is > there any reason not to? Privacy of proposals is entirely the student's choice. Legally, neither Google nor Mailman makes any claim to your proposal, except th

Re: [Mailman-Developers] GSoC Project: pgp plugin

Hey, I have tried to update my draft according to your suggestions, Abhilash Raj and Stephen. You should see a new URL for this third draft on your dashboard. The new draft includes a merge request and more details on how I plan to implement the extension. I'm aware that I will still have to do al

Re: [Mailman-Developers] GSoC Project: pgp plugin

I was not going to exclude anyone from a discussion relevant to them or start an offtopic conversation. I uploaded my draft yesterday, summerofcode.withgoogle.com worked after I switched from firefox to chromium. However to update the file to my local working copy – I can't help it– I had to creat

Re: [Mailman-Developers] GSoC Project: pgp plugin

Thank you Stephen. I agree with your points and I will make sure to clearly document any potential security pitfalls of the system for the users and to write a detailed and precise design plan that has special emphasis on security implications before I start coding this project. However, at the m

Re: [Mailman-Developers] GSoC Project: pgp plugin

Hi Jonas, On 03/18/2016 10:29 AM, Jonas wrote: > Thank you Stephen. > > I agree with your points and I will make sure to clearly document any > potential security pitfalls of the system for the users and to write a > detailed and precise design plan that has special emphasis on security > implica

Re: [Mailman-Developers] GSoC Project: pgp plugin

Abhilash Raj writes: Thanks for picking this up, Abhilash! Jonas writes: > > However, at the moment I'm in the middle of writing my Project Proposal. > > May I send you a draft along with personal questions? If you mean do I like cats, I don't see what that has to do with GSoC. ;-) If you me

Re: [Mailman-Developers] GSoC Project: pgp plugin

Jonas writes: > On 28.02.2016 10:30, Stephen J. Turnbull wrote: > > End-to-end encryption or signature or both seems to be the right > > thing. > > The concept of a mailserver doesn't allow real end-to-end encryption if > each recipient uses a different keypair. It's true that keeping thi

Re: [Mailman-Developers] GSoC Project: pgp plugin

On 02/29/2016 03:02 AM, Jonas wrote: > Hi Abhilash Raj, Hi Steve > > Thank you both for taking the time and considering to mentor me. > > On 28.02.2016 04:48, Abhilash Raj wrote: >> If you don't know, I worked on this project some time back in GSoC 2013. >> The current state of that project is n

Re: [Mailman-Developers] GSoC Project: pgp plugin

Hi Abhilash Raj, Hi Steve Thank you both for taking the time and considering to mentor me. On 28.02.2016 04:48, Abhilash Raj wrote: > If you don't know, I worked on this project some time back in GSoC 2013. > The current state of that project is not very good and probably needs a > *lot* of reba

[Mailman-Developers] GSoC Project: pgp plugin

Jonas writes: > The Project Idea: > Encrypted malinglists have been been a much-requested feature in mailman > 2 and I would like to run some encrypted mailinglists myself. I see Abhilash has already mentioned that he has done some work on crypto (PGP) in Mailman 3. I'll let him explain that.

Re: [Mailman-Developers] GSoC Project: pgp plugin

Hi Jonas, On 27 February 2016 at 10:35, Jonas wrote: > Hello Mailman developers, > > I was planning to write a pgp-encryption plugin for Mailman 3 that > manages one keypair per list and pubkeys of the subscribers. > I'm considering to do it as my first-time Google Summer of Code project. > Wel

[Mailman-Developers] GSoC Project: pgp plugin

Hello Mailman developers, I was planning to write a pgp-encryption plugin for Mailman 3 that manages one keypair per list and pubkeys of the subscribers. I'm considering to do it as my first-time Google Summer of Code project. I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages.

[Mailman-Developers] [GSoc Project] Error Creating a New Model for The Database

Bhavesh Goyal writes: > But, whenever I try to query an object from the 'task' table, I get > an sql error : no such table 'task'. Are you doing attribute access in Python code for Django, or are you writing direct SQL queries? My first guess for either case is that you haven't done the sync o

Re: [Mailman-Developers] [GSoc Project] Error Creating a New Model for The Database

Links for the Repo(s) : Core : https://code.launchpad.net/~bhavesh-goyal093/mailman/DashboardTasks Client : https://code.launchpad.net/~bhavesh-goyal093/mailman.client/DashboardTasks Postorius : https://code.launchpad.net/~bhavesh-goyal093/postorius/DashboardTasks On Sat, May 16, 2015 at 8:39 PM,

Re: [Mailman-Developers] [GSoc Project] Error Creating a New Model for The Database

On May 16, 2015, at 08:05 PM, Bhavesh Goyal wrote: >What can it be that I may be missing which is preventing me to query the >table. Really desperate for any hep on this :) Thanks... Can you post a link to the branch? Cheers, -Barry ___ Mailman-Develop

[Mailman-Developers] [GSoc Project] Error Creating a New Model for The Database

Hi ! I am trying to create a basic working prototype for one of the widgets in my project , 'Dashboard For Admins' and need some help implementing the same. I created a new 'Task' model which is supposed to show the list of pending tasks which require admin's attention. There exists two classes

Re: [Mailman-Developers] GSoC Project

Hi, I would suggest setting up mailman would be a good start http://gnu-mailman.readthedocs.org/en/latest/src/mailman/docs/WebUIin5.html and from there your can to jump beginner friendly bugs on launchpad. To get a better insight into mailman system, you can also go through their documentation.

[Mailman-Developers] GSoC Project

Hi, I'm prudhvee narasimha from India. I'm very much interested in contributing for Mailman for the project "GitHub/development tools integration" and "Shared bookmarking toolkit"under the ideas page for GSoC15. Im pretty good at C, PHP, MySQL,Unix Programming, I would really be thankful

Re: [Mailman-Developers] GSOC Project Discussion

On May 31, 2013, at 04:45 PM, Stephen J. Turnbull wrote: >Barry Warsaw writes: > > > Here's where it gets interesting. Rosters are not modeled as rows > > in a table, they are modeled as queries. [...] > > > > One of the use cases for rosters that I've always had in mind are a > > better way to

Re: [Mailman-Developers] GSOC Project Discussion

On May 30, 2013, at 06:37 PM, Richard Wackerbarth wrote: >OK. Then a "roster" represents the distribution list for a "feed" of outgoing >messages. The "mailinglist" represents the reception point(s) for the >incoming messages and the directives for handling the processing of those >messages. > >T

Re: [Mailman-Developers] GSOC Project Discussion

Barry Warsaw writes: > Here's where it gets interesting. Rosters are not modeled as rows > in a table, they are modeled as queries. [...] > > One of the use cases for rosters that I've always had in mind are a > better way to do MM2-style umbrella lists. Let's say you have one > mailing l

Re: [Mailman-Developers] GSOC Project Discussion

OK. Then a "roster" represents the distribution list for a "feed" of outgoing messages. The "mailinglist" represents the reception point(s) for the incoming messages and the directives for handling the processing of those messages. The thing that hasn't been addressed is how an individual recipi

Re: [Mailman-Developers] GSOC Project Discussion

On May 20, 2013, at 06:39 AM, Richard Wackerbarth wrote: >It is easy to say "He will receive an email about the tasks done in his >absence". However, how do you propose to compose that email? Where and how >is the information used to construct the email stored while the moderator is >on vacation.

Re: [Mailman-Developers] GSOC Project Discussion

On May 20, 2013, at 11:31 AM, varun sharma wrote: >So, I think the overlapping vacation may be handled in two ways: >1. Follow up the procedure as written above , i.e: If there are multiple >moderators going on vacation for same span of time, then the tasks will >remain pending in their ToDo list

Re: [Mailman-Developers] GSOC Project Discussion

On May 19, 2013, at 10:08 PM, varun sharma wrote: >2. The second thing is some moderators might be interested in knowing >the administrative changes done in their absence. So they should >receive a summary of the tasks done(eg. users added) in their absence >once they come back from vacation.This

Re: [Mailman-Developers] GSOC Project Discussion

On May 19, 2013, at 11:26 AM, varun sharma wrote: >I think the owner or moderators also should be allowed to use the in vacation >suspension of mails from the mailing lists they moderate or own, given all >the administrative tasks that need their attention must be added to their >ToDo queue. One

Re: [Mailman-Developers] GSOC Project Discussion

On May 17, 2013, at 04:58 PM, Richard Wackerbarth wrote: >Would it be easier if we just treated owners and moderators as a couple of >additional mailing lists. > >In other words, for list x...@example.com, we also have virtual lists >@example.com and @example.com Where the list >names are accessib

Re: [Mailman-Developers] GSOC Project Discussion

Hi Richard, Currently i have no idea how to implement getting content for tasks done in the absence of a moderator in the core but i am working on understanding core in detail. I found it as an interesting feature, so i suggested it. However it can be skipped also as it is only an add-on feature t

Re: [Mailman-Developers] GSOC Project Discussion

Varun, It is easy to say "He will receive an email about the tasks done in his absence". However, how do you propose to compose that email? Where and how is the information used to construct the email stored while the moderator is on vacation. If on a queue, which queue? ... etc. You seem to im

Re: [Mailman-Developers] GSOC Project Discussion

Hi Steve, I think it will be a good idea to provide an option of digests, as the case you have mentioned may occur in a real situation. Hi Richard, Lets take an example of a moderator of some mailing list: ==Before going on vacaton== 1. If someone sends a "new user" request, the moderator will re

Re: [Mailman-Developers] GSOC Project Discussion

Varun, Perhaps I did miss-attribute the material. Thank you for pointing it out. I offer my apologies for doing so. Sometimes the "quote levels" get confused and it is not easy to tell which author provided some particular text. Since you appear to be the one responsible for the suggested behav

Re: [Mailman-Developers] GSOC Project Discussion

varun sharma writes: > 1. The mail delivery will be stopped for moderators as well as list > owners. So the moderators should also not receive any "add request > pending" email during the vacation period. Moderators and owners need to have their vacations treated differently from other users,

Re: [Mailman-Developers] GSOC Project Discussion

Hi Richard, I think you have misunderstood my paragraph to be barry's. I was suggesting the adding up of pending tasks of moderators and list owners to their "ToDo" list during their vacation period with suspension of email. The phrase which you have mentioned, might be confusing. But actually i wa

Re: [Mailman-Developers] GSOC Project Discussion

On Sat, May 18, 2013 at 1:46 AM, Barry Warsaw wrote: > >> On May 13, 2013, at 10:52 PM, varun sharma wrote: >> >> Question: Should you be able to add a vacation stop to moderator or owner >> emails? > > I think the owner or moderators also should be allowed to use the in > vacation suspension o

Re: [Mailman-Developers] GSOC Project Discussion

Thanks barry, you have very well explained both the use cases to me. On Sat, May 18, 2013 at 1:46 AM, Barry Warsaw wrote: > On May 13, 2013, at 10:52 PM, varun sharma wrote: > > >1. Suspend emails in vacation and post from multiple email ids: > >IMember interface present in interfaces/member.py

Re: [Mailman-Developers] GSOC Project Discussion

On May 18, 2013, at 12:29 AM, "Stephen J. Turnbull" wrote: > I don't contest that there are strong similarities between a "list of > moderators" and a "mailing list of subscribers". What I'm saying is > that they're not the same, there are several variations on the theme, > and we must strongly c

Re: [Mailman-Developers] GSOC Project Discussion

Richard Wackerbarth writes: > I agree that it might be messier. But it still might be cleaner if > you want the moderators, etc. to have all of the "subscription > options" We don't. Some are meaningless (notMeToo, noDups), some should not be available (noMail -- at least not if a vacation fa

Re: [Mailman-Developers] GSOC Project Discussion

I'm not convinced that it would require all of the items that you enumerate. First, you have to look at how messages might get to the list. Since I specified that the list was a virtual list (unreachable), the only source of messages would be from the internal queue handlers. Thus they would by

Re: [Mailman-Developers] GSOC Project Discussion

Richard Wackerbarth writes: > Would it be easier if we just treated owners and moderators as a > couple of additional mailing lists. That would require additional, complex attributes that aren't appropriate for most lists to be given to all lists. They'd have to have a .virtual_list_for attrib

Re: [Mailman-Developers] GSOC Project Discussion

On May 17, 2013, at 3:16 PM, Barry Warsaw wrote: > Question: Should you be able to add a vacation stop to moderator or owner > emails? Would it be easier if we just treated owners and moderators as a couple of additional mailing lists. In other words, for list x...@example.com, we also have vi

Re: [Mailman-Developers] GSOC Project Discussion

On May 13, 2013, at 10:52 PM, varun sharma wrote: >1. Suspend emails in vacation and post from multiple email ids: >IMember interface present in interfaces/member.py is already providing the >delivery_status enum in _client module via rest api but the user.save() is >currently not functional, so t

Re: [Mailman-Developers] GSOC Project Discussion

On Tue, May 7, 2013 at 10:39 AM, Stephen J. Turnbull wrote: > varun sharma writes: > > Thanks for the introduction! > > > In my project "Better user settings management", i need to extend the > > Client class of mailman.client and i will be adding a lot of instance > > methods and variables to

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

First things first, I would like to thank you all for this kind of brainstorm. I went through all your replies and I'm about to express my opinion for each of them below: 1) I totally agree with Steve and Richard regarding the split of the Posting functionality from Hyperkitty. After all, DRY i

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

On 05/09/2013 10:31 AM, Daniel Kahn Gillmor wrote: > > On 05/09/2013 01:06 PM, Mark Sapiro wrote: >> Go to >> >> and look at the mailto: link under 'dkg at fifthhorseman.net'. > > wow, great! I have never looked at this l

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Yes, I, too, would leave it to Peter. And I am not suggesting that he attempt to make any complete "inventory". But I don't see how you can possibly "decide requirements" without taking them into consideration. On May 9, 2013, at 1:58 PM, "Stephen J. Turnbull" wrote: > Richard Wackerbarth wri

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Richard Wackerbarth writes: > However, we need to keep the "level of integration" issue open > until someone (presumedly the student) completes an inventory of > reasonable possibilities. I would like to leave that up to Peter. (We should avoid burdening the students with chores like inventor

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

On May 9, 2013, at 12:06 PM, "Stephen J. Turnbull" wrote: > Barry Warsaw writes: >> On May 08, 2013, at 10:31 AM, Richard Wackerbarth wrote: >> >>> I agree with Steve. One of the advantages of Django is its "mix and match" >>> capability. Actually, I see two possible apps. One would integrate w

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Hi Mark-- On 05/09/2013 01:06 PM, Mark Sapiro wrote: > Go to > > and look at the mailto: link under 'dkg at fifthhorseman.net'. wow, great! I have never looked at this link before because i always assumed it was a link to

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Barry Warsaw writes: > On May 08, 2013, at 10:31 AM, Richard Wackerbarth wrote: > > >I agree with Steve. One of the advantages of Django is its "mix and match" > >capability. Actually, I see two possible apps. One would integrate with > >HK. The other would be simpler, just providing a posti

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

On 05/09/2013 09:47 AM, Daniel Kahn Gillmor wrote: > > so something like: > > href="mailto:l...@example.org?In-Reply-To=%3c3469a91.d10a...@example.com%3E";>Reply > to this message Go to and look at the mailto: link u

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

On 05/09/2013 12:28 PM, Barry Warsaw wrote: > The real power here would be for someone who is reading the archives to "jump > into" a discussion, potentially long after the fact. Imagine you've done a > web search for a particular problem you're having and it lands you on a page > in an archive.

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

On May 08, 2013, at 10:31 AM, Richard Wackerbarth wrote: >I agree with Steve. One of the advantages of Django is its "mix and match" >capability. Actually, I see two possible apps. One would integrate with >HK. The other would be simpler, just providing a posting mechanism that >provides authenti

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

In practical terms, I think the time would be better spent on integrating HyperKitty and Postorius for Mailman suite *first* and then dividing out the posting capability once the integration is done. That way the person who does this has some idea of the pain points of integration so they can

Re: [Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

I agree with Steve. One of the advantages of Django is its "mix and match" capability. Actually, I see two possible apps. One would integrate with HK. The other would be simpler, just providing a posting mechanism that provides authenticated message sender. On May 8, 2013, at 10:19 AM, Stephen

[Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Peter Markou writes: > Now regarding Richard's email, "GSoC Applicants". After having a > comprehensive examination in Hyperkitty I found that the functionality > for posting messages through web exists. I think it should be split out as a separate Django app, independent of HyperKitty. __

[Mailman-Developers] GSoC Project Discussion - Web Posting Interface.

Hello to all the members of the community, I've applied a proposal on Melange for the Web Posting Interface. The major subject of this project, as described in the wiki, is to allow logged in users to post message from the web interface and integrate it into the appropriate pages(e.g the hyperkitt

[Mailman-Developers] GSOC Project Discussion

varun sharma writes: Thanks for the introduction! > In my project "Better user settings management", i need to extend the > Client class of mailman.client and i will be adding a lot of instance > methods and variables to the class. Is this the right approach? What are you adding (some exampl

[Mailman-Developers] GSOC Project Discussion

Hi Guys, In my project "Better user settings management", i need to extend the Client class of mailman.client and i will be adding a lot of instance methods and variables to the class. Right now, i am having a look at the mailman core and mailman interfaces to figure out if the method/implementatio

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 4/29/13 5:40 AM, Ian Eiloart wrote: > Also, what kind of secure list would have automated processing of > message content as a requirement? If a message is gpg encrypted, then > every sender would require the public keys of every recipient, would > they not? Which means that a PKI for the list h

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Ian Eiloart writes: > Also, what kind of secure list would have automated processing of > message content as a requirement? Precisely, a list that wants to avoid this requirement: > If a message is gpg encrypted, then every sender would require the > public keys of every recipient, would the

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 29.04.2013 11:40, Ian Eiloart wrote: > Also, what kind of secure list would have automated processing of > message content as a requirement? imho you're asking the wrong question ;-) _All_ network communication should be encrypted, it is a pity that mail encryption is so little adopted. > If

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 27 Apr 2013, at 14:40, Richard Wackerbarth wrote: > I don't think that "we" have the expertise to create a "secure" system. At > best, we can adopt good practices and provide an obscured traffic stream. I > consider anything more to be beyond the scope of the MM project. > Also, what kind

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

I don't think that "we" have the expertise to create a "secure" system. At best, we can adopt good practices and provide an obscured traffic stream. I consider anything more to be beyond the scope of the MM project. On Apr 27, 2013, at 8:22 AM, Stefan Schlott wrote: > On 27.04.2013 06:45, Step

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 27.04.2013 06:45, Stephen J. Turnbull wrote: > > 2. Your list has elevated security requirements. In this case, you can > > use gpg-agent to manage the secret key (and its passphrase). > > I don't understand what threat you propose to address in this way. > It's true that you can prevent the

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Daniel Kahn Gillmor writes: > If mailman is storing messages on-disk in an encrypted form, Stefan's > proposal mitigates the threat of an adversary with offline access to the > disk (e.g. in the event of server theft or seizure) OK, it does that. But in the event of that kind of threat, I thi

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 04/27/2013 12:45 PM, Stephen J. Turnbull wrote: > Stefan Schlott writes: > > > 2. Your list has elevated security requirements. In this case, you can > > use gpg-agent to manage the secret key (and its passphrase). > > I don't understand what threat you propose to address in this way. > It's

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 04/27/2013 01:36 PM, Stephen J. Turnbull wrote: > without a complete redesign starting > from the assumption of encrypted messages whose plain text must > be exposed as briefly as possible. At least one project suggests that it may be possible to operate an encrypted mailing list such that the

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Barry Warsaw writes: > OTOH, maybe that's all security theater. If the Mailman system's > private key is available to an attacker, then having the encrypted > message on disk temporarily is probably not going to stop them from > decrypting it. It's worse than that. The attacker doesn't need

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Stefan Schlott writes: > 2. Your list has elevated security requirements. In this case, you can > use gpg-agent to manage the secret key (and its passphrase). I don't understand what threat you propose to address in this way. It's true that you can prevent the attacker from getting access to th

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 26.04.2013 20:55, Terri Oda wrote: > I've been wondering about that... is there any time when the encrypted > message on disk would be available but the private key not? As already pointed out, there are (at least) two ways to avoid an unprotected secret key (or the corresponding pass phrase,

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Everyone was sending singed messages so i thought to send one too ;-), Though my public keys are not available at any key-server. On Saturday 27 April 2013 12:15 AM, Barry Warsaw wrote: > On Apr 26, 2013, at 02:09 PM, Stefan Schlott wrote: > > > - di

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 04/26/2013 12:45 PM, Barry Warsaw wrote: OTOH, maybe that's all security theater. If the Mailman system's private key is available to an attacker, then having the encrypted message on disk temporarily is probably not going to stop them from decrypting it. I've been wondering about that... i

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Apr 26, 2013, at 02:09 PM, Stefan Schlott wrote: >- disk queue. I don't remember if mailman persists received (but not >yet sent) mails on disk. > >Addressing the last point, you can either choose to decrypt the mail >in a later stage, or (if thi

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 25.04.2013 21:10, Abhilash Raj wrote: >> Abhilash, i don't see any mention in your proposal of how you plan to >> deal with the secret key material. will there be a way for mailman to >> use a secret key that is stored in a password-protected form? If so, how? >> >> Well I am not quite profic

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25.04.2013 15:35, Daniel Kahn Gillmor wrote: > abhilash might have meant that there is a concern that a decrypted > message could be stored *on disk* in one of the queues, not just > in memory. Of course, it's a good idea to decrypt the data as l

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On Apr 22, 2013, at 06:24 AM, Richard Wackerbarth wrote: >I echo Stephen's comments. Although I try to lurk on the #mailman channel >most of the time, being half a world away from him, I am most likely to be at >the keyboard after 1100 UTC and before 0200 UTC. We chatted on #mailman a few days ag

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On Thu, Apr 25, 2013 at 7:05 PM, Daniel Kahn Gillmor wrote: > On 04/25/2013 04:36 PM, Stefan Schlott wrote: > > On 25.04.2013 00:14, Abhilash Raj wrote: > > > >> 1) When a message is decrypted and then passed on between the queues, it > >> creates a security threat for the cleartext message is bei

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 04/25/2013 04:36 PM, Stefan Schlott wrote: > On 25.04.2013 00:14, Abhilash Raj wrote: > >> 1) When a message is decrypted and then passed on between the queues, it >> creates a security threat for the cleartext message is being held in >> memory, even for a small time in between the runners. >

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On 25.04.2013 00:14, Abhilash Raj wrote: > 1) When a message is decrypted and then passed on between the queues, it > creates a security threat for the cleartext message is being held in > memory, even for a small time in between the runners. The Mailman server holds the key to decrypt _every_ in

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj writes: > I made a small list[1] > [1]: https://gist.github.com/maxking/5455462 I strongly recommend that you put this in your proposal on Melange. The mentors will all see it on the mentors' list that way, and you won't get caught short at deadline when Melange crashes.[1] If yo

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Hi all, I made a small list[1] of deliverable for this project and required changes in mailman for it. Can you all please review it and comment on how can it be improved. Also there are two points that I am not able to think on, 1) When a message is decrypted and then passed on between the queue

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Although there might be a place for the use of OpenPGP for identification of users to the WebUI, such a project would not, in itself, be sufficiently complex for a GSoC project. If you are interested in such an effort, it would need to be combined with other (preferably related) aspects of authe

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On Sun, Apr 7, 2013 at 5:19 AM, Abhilash Raj wrote: > I am a undergrad student interested in OpenPGP integration in mailman as a > GSOC project this summer. Here is a semi-related idea; use OpenPGP instead of passwords for authentication to the web interface, possibly using monkeysphere: http://

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

I echo Stephen's comments. Although I try to lurk on the #mailman channel most of the time, being half a world away from him, I am most likely to be at the keyboard after 1100 UTC and before 0200 UTC. However, I strongly suggest that you begin more specific questions on this mailing list. Ric

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj writes: > Can you tell about who is going to mentor this(OpenPGP integration with > mailman) I would guess the official mentors are likely to be myself and Wacky (Richard Wackerbarth). Joost isn't official (why not? -- you get a T-shirt! :-) but he has expressed interest and offer

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Hi all, Can you tell about who is going to mentor this(OpenPGP integration with mailman) so that I can discuss a few things about the application? Also others can you please give me a few suggestion about proposal on the idea that is discussed in this[1] thread. [1]: http://mail.python.org/piperm

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Hi Abhilash Raj, Abhilash Raj raj.abhilash1 at gmail.com schreef: >On Sun, Apr 7, 2013 at 4:47 AM, Daniel Kahn Gillmor >wrote: >> On 04/06/2013 06:53 PM, Paul Wise wrote: >> > On Sun, Apr 7, 2013 at 5:19 AM, Abhilash Raj wrote: >> > >> >> I am a undergrad student interested in OpenPGP integration

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj writes: > Can you please point me in some direction to learn about the various > possible ways to sign a mail and/or encrypt it. Basically that's going to be MUA-dependent. There are standards for this (prominently S/MIME aka RFC 5751), but whether MUAs implement it is MUA-specifi

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

On Sun, Apr 7, 2013 at 7:46 PM, Stephen J. Turnbull wrote: > Abhilash Raj writes: > > > Well what i want to make it is that whenever a user sends a mail to the > > list it should be singed with his private key so that it can be verified > > against his public that he uploads if he wants permiss

Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj writes: > Well what i want to make it is that whenever a user sends a mail to the > list it should be singed with his private key so that it can be verified > against his public that he uploads if he wants permissions to post in the > list. You mean that the user should sign it h

  1   2   >