I will write and publish a patch which integrates PGP signature
validation and re-encryption of encrypted posts to mailman. Specs are:
- A post will be distributed only if the PGP signature on the post is from
one of the list members.
- For sending encrypted email, a list member encrypts to the public key of
the list. The post will be decrypted and re-encrypted to the public keys
of all list members.
(Later, the patch will handle RFC 2633 (S/MIME) messages too, next to
RFC 2440 (OpenPGP)).
I've taken a look at the NAH6 secure list patch #646989 at
and at Ben Laurie's patch #645297 at
, but I believe none of these completely implements the listed
requirements (although these will help me implementing, of course). I
am asking you to take a look at my plan for implementation. Am I on the
So, the plan:
I think one way to implement it would be to add two modules to
GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'.
PGPCheck would check wether the message is encrypted, and, if so, make a
temporary decrypted copy in order to verify with which key is was
signed. If the message is unencrypted, it would check the signature.
It would store this information in new properties of the Mailman Message
A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be
called after CookHeaders' and before 'ToDigest'. This would, if needed,
decrypt the message and reencrypt it to all recipients, and would sign
If for instance a list member erroneously signs a post with a wrong
public key, and encrypts the message, this message should be handled
carefully. I believe the Hold module should be adapted for this. A
copy of the original encrypted message should be kept. The message
should be decrypted, signed with the listkey, encrypted to the list
moderator key, and sent for acknowledgement. If the moderator chooses
to deny the message, the poster should get her original message back.
For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface (
http://py-gnupg.sourceforge.net/ ). I plan to write the patch against
current stable Mailman.
Any insight to share on this?
Joost van Baal http://abramowitz.uvt.nl/
j.e.vanbaal(a)uvt.nl The Netherlands
One of our users reported that Mailman (2.1.5) sometimes adds blank
Cc headers and he sent in a link to this patch to the debian version
that claims to fix it:
I searched around on sourceforge and the mailman faq wizard and
google and didn't see any other mention of it. Does anyone know
about this? Is there an existing patch outside of Debian?
Because the mailman-users and mailman-developers lists frequently
discuss administrivia matters and because most users on these lists know
how to properly email the list server for administrivia tasks, most
administrivia filter matches to these lists are false positives.
We have just changed the list config to no longer try to filter out
administrivia requests. When you send email to unsubscribe or otherwise
change your list settings be *extra* careful to send your request to the
server address and not the list submission address, lest your mistake go
out to the whole list. (You probably won't like the flames this is
likely to produce.)
jc - volunteer assistant list admin for -users and -dev
I just returned from a fascinating trip to Morocco, where, among other
things, I helped to organize this event on language localization in
Casablanca. I thought this statement might be of interest. Take note in
particular of the project homepage (http://www.bisharat.net/PanAfrLoc).
This announcement is also posted on the Kabissa site at
It would be interesting to discuss where Mailman fits into this picture.
Begin forwarded message:
> From: "Donald Z. Osborn" <dzo(a)BISHARAT.NET>
> Date: June 21, 2005 10:52:57 AM EDT
> To: AFRIK-IT(a)LISTSERV.HEANET.IE
> Subject: Casablanca Statement on ICT Localisation in Africa
> Reply-To: "African Network of IT Experts and Professionals (ANITEP)
> List" <AFRIK-IT(a)LISTSERV.HEANET.IE>
> The PanAfrican Localisation workshop held in Casablanca, June 13-15,
> together localisation experts and representatives of localisation
> projects from
> various countries in Africa and some beyond. We considered the state of
> localisation on the continent, key issues, and ideas for facilitating
> advancing localisation efforts. The meeting also produced a brief
> (below). URLs for the sponsoring and collaborationg agencies and for
> project webpage follow. (Pardon the cross-posts.)
> Don Osborn
> Coordinator of the PanAfrican Localisation Project
> Pan African Localisation Workshop
> Casablanca Statement
> African localisation experts met in Casablanca in a workshop organised
> Kabissa with Bisharat under IDRC funding, and in collaboration with
> MTDS and
> the Casablanca Technopark centre. The event benefitted from
> contributions from
> the Moroccan Minister-Delegate to the Prime Minister in Charge of
> General and
> Economic Affairs, the Canadian Ambassador to Morocco, and experts from
> After three days of work, the participants in the meeting reached the
> * Limiting people to the use of information and communication
> technology (ICT)
> in a foreign language tends to exacerbate the digital divide; makes ICT
> adoption long, difficult, and expensive; and impoverishes local
> * Localisation makes ICT more accessible to everybody, including users
> rural areas and young students, reinforcing the importance of our
> culture and
> helping us preserve our identity.
> * Localisation of ICT into indigenous African languages is therefore
> key to
> rapid and fair development in Africa.
> * For localisation to succeed and have its maximum impact in society,
> collaboration among governments, civil society, educators, linguists,
> professionals, standards organisations and development agencies is
> We, the participants, commit ourselves to promoting this vision and
> towards social development in Africa through ICT localisation.
> Casablanca, 15 June 2005
> IDRC http://www.idrc.ca/
> Kabissa http://www.kabissa.org/
> Bisharat http://www.bisharat.net/
> MTDS http://www.mtds.com/
> Casablanca Technopark http://www.casablanca-technopark.ma/
> PanAfrican Localisation Project http://www.bisharat.net/PanAfrLoc
> For further information, write: bisharat(a)bisharat.net
I have just uploaded an updated patch that will make the web UI for
MM 2.1.6 XHTML 1.0 strict compliant. This patch allows for some CSS
formatting as well.
I have tried to make all the pages compliant, but I may have missed
some combinations of pages and options, so if you find some that
aren't compliant, please let me know which page isn't compliant and
under which circumstances it's not.
It it patch 1160353 in the Sourceforge Mailman patch repository.
If anyone has any feedback on it, I'd love to hear it,since this is
my first attempt at creating a patch.
Bryan Carbonnell - carbonnb(a)sympatico.ca
The man who claims to be the boss in his own home will lie about
other things as well.
Daniel Lyons wrote:
> I came across your message to the mailman users list from a year ago. I
> just received a "ValueError: unpack list of wrong size" error in
> Mailman, and I wanted to give you the offending message in case you are
> still the maintainer of Scrubber.py.
> The offending message is attached.
Looks like the offending line was this:
filename*0="Today's Headlines- C.I.A. Is Reviewing Its Security
for R"; filename*1="ecruiting Translators.jpg"
Note that RFC2231 encoding specifies "'" as a special character for
delimiting charset'lang'content. The sender's MUA should have encoded
"'" as "%27".
Of course, Mailman and Python email package should be robust for such
violation. I need more time to fix this.
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
I'm packaging the 2.1.6 release and just want to sanity check something.
The following readme files which were in 2.1.5 have been removed in
2.1.6. I assume this is because they've been superceded by the 2.1.6
documentation in admin/www/mailman-install. Correct?
John Dennis <jdennis(a)redhat.com>
Saw this on the NOSI discussion list - perhaps of interest to Mailman
> Not sure if people know about Google's 'Summer of Code' scheme:
> "The Summer of Code is a program in which student developers are
> with a stipend to create new open source programs or to help currently
> established projects. Google will be working with a variety of open
> free software and technology related groups to identify and fund up to
> projects over a 3 month time span."
> There's information for potential mentoring organisations at:
> The deadline is quite short though - 14 June.
> Simon Pavitt
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.322 / Virus Database: 267.1.0 - Release Date: 27/05/2005
> NOSI-discussion-nosi.net mailing list