On Mar 05, 2014, at 09:06 AM, Bhargav Golla wrote:
>files in mailman, I found that the default username and password for admin
>is restadmin and restpass. Tried that and was out of luck there too. Could
>you help me with the default username and password details?
That's only the default username and password for the privileged admin REST
API in the core. The web ui uses that to speak to the core, but if you're
connecting to the web ui, that username and password won't be exposed.
-Barry
Hi Bhargav,
You will be asked whether to *add a superuser* during *syncdb*. If you
answered no to that, do *python manage.py createsuperuser * and use that
username and password to login.
*Regards,Rajeev S*
*Government Engineering College,Thrissur*
*http://rajeevs.tk <http://rajeevs.tk>*
On Wed, Mar 5, 2014 at 8:05 PM, Bhargav Golla <bgolla(a)g.clemson.edu> wrote:
> Hi Abhilash
>
> If you mean the last step of installation where we do cd
> postorius_standalone;python manage.py syncdb, I wasn't asked for any
> username/password. I checked the settings.py and it doesn't have any
> specific default username/password.
>
> And the http://localhost:8001/3.0 worked for me.
>
>
> On Wed, Mar 5, 2014 at 9:22 AM, Abhilash Raj <raj.abhilash1(a)gmail.com
> >wrote:
>
> > Hi Bhargav,
> >
> > On Wednesday 05 March 2014 07:36 PM, Bhargav Golla wrote:
> > > Thanks for that change Rajeev. I was able to get the Web UI up and
> > running.
> > > I was trying to find out the default Username and password for this but
> > was
> > > unable to. When I was exploring docs in mailman.client and some config
> > > files in mailman, I found that the default username and password for
> > admin
> > > is restadmin and restpass. Tried that and was out of luck there too.
> > Could
> > > you help me with the default username and password details?
> >
> > While setting up Postorius(the web UI) when you do 'python manage.py
> > syncdb' for the first time, it asks you to create admin. You can log in
> > using those credentials. 'restadmin' and 'restpass' are the credentials
> > for the mailman rest server.
> >
> > > Also, there is a using.txt doc in mailman.client which says we can make
> > the
> > > REST requests by connecting to http://localhost:9001/3.0 using
> username
> > and
> > > password. Should the URL be http://localhost:9000/3.0 for this example
> > or
> > > would it be any different?
> >
> > AFAIK it is 'http://localhost:8001/3.0'. (Try it once. If I am wrong
> > please someone correct me)
> >
> > >
> > > Thanks
> > >
> > >
> > > On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com>
> wrote:
> > >
> > >> Hi Bhargav,
> > >>
> > >> Just do *mailman start*, without the bin.
> > >>
> > >> I have edited the wiki.
> > >>
> > >>
> > >> *Regards, Rajeev S*
> > >> *Government Engineering College,Thrissur*
> > >> *http://rajeevs.tk <http://rajeevs.tk>*
> > >>
> > >>
> > >> On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu
> > >wrote:
> > >>
> > >>> Thanks Barry and Terri for your feedback.
> > >>> I was trying to install Postorius locally and analyze what all would
> be
> > >>> required in a mobile app for Admin. Doing the same, I have hit a
> > >>> roadblock.
> > >>> I am using the wiki provided here[1]. I tried to install mailman
> using
> > >>> "set
> > >>> up sources" part of the wiki. Though python setup.py install executes
> > >>> without any errors, I am unable to see the folder bin/ in the same
> > >>> directory. So, even though I proceed with further setup, I am
> getting a
> > >>> "Mailman REST API not available. Please start mailman core" on my
> > >>> localhost:8000 webpage. Could anyone help me here?
> > >>>
> > >>> [1]
> > >>>
> > >>>
> >
> http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI…
> > >>>
> > >>> Thanks
> > >>>
> > >>>
> > >>> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote:
> > >>>
> > >>>>
> > >>>> On 2014-02-28, 7:36 AM, Bhargav Golla wrote:
> > >>>>
> > >>>>> I have a few questions regarding this idea.
> > >>>>> 1. I intend to develop it on Cordova since it will help in porting
> > the
> > >>> app
> > >>>>> easily to multiple platforms. Were there any ideas in this
> directions
> > >>>>> regarding going native or hybrid?
> > >>>>>
> > >>>>
> > >>>> Personally, I'd prefer if we went hybrid and had an html5 webapp
> that
> > >>>> could be used straight over the web for mobile users who don't want
> to
> > >>>> install an app, with Cordova used to build the individual platform
> > >>> apps. I
> > >>>> may not be the mentor on this one, though, so I'm happy to defer to
> > >>> whoever
> > >>>> the final mentor is on this front.
> > >>>>
> > >>>> Incidentally, I've been using Intel's XDK for building Cordova apps
> > >>> lately
> > >>>> and highly recommend it for quick testing on various platforms and
> > >>> screen
> > >>>> sizes. I've found it a very useful tool, and not just because I
> work
> > >>> for
> > >>>> Intel now!
> > >>>>
> > >>>> 2. Can I assume that all mailing lists built by Mailman support the
> > >>> REST
> > >>>>> interface? Also, I have tried to see if I can get JSON responses
> and
> > I
> > >>> am
> > >>>>> unable to by adding a HTTP Accept Header to take
> "application/json".
> > >>> Am I
> > >>>>> doing anything wrong or is JSON not implemented?
> > >>>>>
> > >>>>
> > >>>> I don't know the answer to this off the top of my head: Barry?
> > >>>>
> > >>>>
> > >>>> 3. As a starter, could I ignore internationalization for GSoC, but
> > >>>>> implement interface in such a way as to be able to internationalize
> > it
> > >>>>> easily?
> > >>>>>
> > >>>>
> > >>>> We don't expect you to actually translate anything, don't worry. :)
> > But
> > >>>> you should definitely build as much as possible so that
> > >>>> internationalization will be easy: make sure there's a quick way to
> > get
> > >>> a
> > >>>> list of strings that need translation, at least. Some of the
> strings
> > >>> may
> > >>>> be already translated in other components of Mailman, so you may be
> > >>> able to
> > >>>> get some translations to use to test if you have time at the end of
> > the
> > >>>> summer for internationalization.
> > >>>>
> > >>>> Terri
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>> Bhargav Golla
> > >>> M.S Computer Science
> > >>> Github <http://www.github.com/bhargavgolla> |
> > >>> LinkedIN<http://www.linkedin.com/in/bhargavgolla>
> > >>> | Website <http://www.bhargavgolla.com/>
> > >>> _______________________________________________
> > >>> Mailman-Developers mailing list
> > >>> Mailman-Developers(a)python.org
> > >>> https://mail.python.org/mailman/listinfo/mailman-developers
> > >>> Mailman FAQ: http://wiki.list.org/x/AgA3
> > >>> Searchable Archives:
> > >>> http://www.mail-archive.com/mailman-developers%40python.org/
> > >>> Unsubscribe:
> > >>>
> >
> https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm…
> > >>>
> > >>> Security Policy: http://wiki.list.org/x/QIA9
> > >>>
> > >>
> > >>
> > >
> > >
> >
> > --
> > Abhilash Raj
> >
> >
>
>
> --
> Bhargav Golla
> M.S Computer Science
> Github <http://www.github.com/bhargavgolla> |
> LinkedIN<http://www.linkedin.com/in/bhargavgolla>
> | Website <http://www.bhargavgolla.com/>
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers(a)python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm…
>
> Security Policy: http://wiki.list.org/x/QIA9
>
Hi Abhilash
If you mean the last step of installation where we do cd
postorius_standalone;python manage.py syncdb, I wasn't asked for any
username/password. I checked the settings.py and it doesn't have any
specific default username/password.
And the http://localhost:8001/3.0 worked for me.
On Wed, Mar 5, 2014 at 9:22 AM, Abhilash Raj <raj.abhilash1(a)gmail.com>wrote:
> Hi Bhargav,
>
> On Wednesday 05 March 2014 07:36 PM, Bhargav Golla wrote:
> > Thanks for that change Rajeev. I was able to get the Web UI up and
> running.
> > I was trying to find out the default Username and password for this but
> was
> > unable to. When I was exploring docs in mailman.client and some config
> > files in mailman, I found that the default username and password for
> admin
> > is restadmin and restpass. Tried that and was out of luck there too.
> Could
> > you help me with the default username and password details?
>
> While setting up Postorius(the web UI) when you do 'python manage.py
> syncdb' for the first time, it asks you to create admin. You can log in
> using those credentials. 'restadmin' and 'restpass' are the credentials
> for the mailman rest server.
>
> > Also, there is a using.txt doc in mailman.client which says we can make
> the
> > REST requests by connecting to http://localhost:9001/3.0 using username
> and
> > password. Should the URL be http://localhost:9000/3.0 for this example
> or
> > would it be any different?
>
> AFAIK it is 'http://localhost:8001/3.0'. (Try it once. If I am wrong
> please someone correct me)
>
> >
> > Thanks
> >
> >
> > On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com> wrote:
> >
> >> Hi Bhargav,
> >>
> >> Just do *mailman start*, without the bin.
> >>
> >> I have edited the wiki.
> >>
> >>
> >> *Regards, Rajeev S*
> >> *Government Engineering College,Thrissur*
> >> *http://rajeevs.tk <http://rajeevs.tk>*
> >>
> >>
> >> On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu
> >wrote:
> >>
> >>> Thanks Barry and Terri for your feedback.
> >>> I was trying to install Postorius locally and analyze what all would be
> >>> required in a mobile app for Admin. Doing the same, I have hit a
> >>> roadblock.
> >>> I am using the wiki provided here[1]. I tried to install mailman using
> >>> "set
> >>> up sources" part of the wiki. Though python setup.py install executes
> >>> without any errors, I am unable to see the folder bin/ in the same
> >>> directory. So, even though I proceed with further setup, I am getting a
> >>> "Mailman REST API not available. Please start mailman core" on my
> >>> localhost:8000 webpage. Could anyone help me here?
> >>>
> >>> [1]
> >>>
> >>>
> http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI…
> >>>
> >>> Thanks
> >>>
> >>>
> >>> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote:
> >>>
> >>>>
> >>>> On 2014-02-28, 7:36 AM, Bhargav Golla wrote:
> >>>>
> >>>>> I have a few questions regarding this idea.
> >>>>> 1. I intend to develop it on Cordova since it will help in porting
> the
> >>> app
> >>>>> easily to multiple platforms. Were there any ideas in this directions
> >>>>> regarding going native or hybrid?
> >>>>>
> >>>>
> >>>> Personally, I'd prefer if we went hybrid and had an html5 webapp that
> >>>> could be used straight over the web for mobile users who don't want to
> >>>> install an app, with Cordova used to build the individual platform
> >>> apps. I
> >>>> may not be the mentor on this one, though, so I'm happy to defer to
> >>> whoever
> >>>> the final mentor is on this front.
> >>>>
> >>>> Incidentally, I've been using Intel's XDK for building Cordova apps
> >>> lately
> >>>> and highly recommend it for quick testing on various platforms and
> >>> screen
> >>>> sizes. I've found it a very useful tool, and not just because I work
> >>> for
> >>>> Intel now!
> >>>>
> >>>> 2. Can I assume that all mailing lists built by Mailman support the
> >>> REST
> >>>>> interface? Also, I have tried to see if I can get JSON responses and
> I
> >>> am
> >>>>> unable to by adding a HTTP Accept Header to take "application/json".
> >>> Am I
> >>>>> doing anything wrong or is JSON not implemented?
> >>>>>
> >>>>
> >>>> I don't know the answer to this off the top of my head: Barry?
> >>>>
> >>>>
> >>>> 3. As a starter, could I ignore internationalization for GSoC, but
> >>>>> implement interface in such a way as to be able to internationalize
> it
> >>>>> easily?
> >>>>>
> >>>>
> >>>> We don't expect you to actually translate anything, don't worry. :)
> But
> >>>> you should definitely build as much as possible so that
> >>>> internationalization will be easy: make sure there's a quick way to
> get
> >>> a
> >>>> list of strings that need translation, at least. Some of the strings
> >>> may
> >>>> be already translated in other components of Mailman, so you may be
> >>> able to
> >>>> get some translations to use to test if you have time at the end of
> the
> >>>> summer for internationalization.
> >>>>
> >>>> Terri
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Bhargav Golla
> >>> M.S Computer Science
> >>> Github <http://www.github.com/bhargavgolla> |
> >>> LinkedIN<http://www.linkedin.com/in/bhargavgolla>
> >>> | Website <http://www.bhargavgolla.com/>
> >>> _______________________________________________
> >>> Mailman-Developers mailing list
> >>> Mailman-Developers(a)python.org
> >>> https://mail.python.org/mailman/listinfo/mailman-developers
> >>> Mailman FAQ: http://wiki.list.org/x/AgA3
> >>> Searchable Archives:
> >>> http://www.mail-archive.com/mailman-developers%40python.org/
> >>> Unsubscribe:
> >>>
> https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm…
> >>>
> >>> Security Policy: http://wiki.list.org/x/QIA9
> >>>
> >>
> >>
> >
> >
>
> --
> Abhilash Raj
>
>
--
Bhargav Golla
M.S Computer Science
Github <http://www.github.com/bhargavgolla> |
LinkedIN<http://www.linkedin.com/in/bhargavgolla>
| Website <http://www.bhargavgolla.com/>
Thanks for that change Rajeev. I was able to get the Web UI up and running.
I was trying to find out the default Username and password for this but was
unable to. When I was exploring docs in mailman.client and some config
files in mailman, I found that the default username and password for admin
is restadmin and restpass. Tried that and was out of luck there too. Could
you help me with the default username and password details?
Also, there is a using.txt doc in mailman.client which says we can make the
REST requests by connecting to http://localhost:9001/3.0 using username and
password. Should the URL be http://localhost:9000/3.0 for this example or
would it be any different?
Thanks
On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com> wrote:
> Hi Bhargav,
>
> Just do *mailman start*, without the bin.
>
> I have edited the wiki.
>
>
> *Regards, Rajeev S*
> *Government Engineering College,Thrissur*
> *http://rajeevs.tk <http://rajeevs.tk>*
>
>
> On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu>wrote:
>
>> Thanks Barry and Terri for your feedback.
>> I was trying to install Postorius locally and analyze what all would be
>> required in a mobile app for Admin. Doing the same, I have hit a
>> roadblock.
>> I am using the wiki provided here[1]. I tried to install mailman using
>> "set
>> up sources" part of the wiki. Though python setup.py install executes
>> without any errors, I am unable to see the folder bin/ in the same
>> directory. So, even though I proceed with further setup, I am getting a
>> "Mailman REST API not available. Please start mailman core" on my
>> localhost:8000 webpage. Could anyone help me here?
>>
>> [1]
>>
>> http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI…
>>
>> Thanks
>>
>>
>> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote:
>>
>> >
>> > On 2014-02-28, 7:36 AM, Bhargav Golla wrote:
>> >
>> >> I have a few questions regarding this idea.
>> >> 1. I intend to develop it on Cordova since it will help in porting the
>> app
>> >> easily to multiple platforms. Were there any ideas in this directions
>> >> regarding going native or hybrid?
>> >>
>> >
>> > Personally, I'd prefer if we went hybrid and had an html5 webapp that
>> > could be used straight over the web for mobile users who don't want to
>> > install an app, with Cordova used to build the individual platform
>> apps. I
>> > may not be the mentor on this one, though, so I'm happy to defer to
>> whoever
>> > the final mentor is on this front.
>> >
>> > Incidentally, I've been using Intel's XDK for building Cordova apps
>> lately
>> > and highly recommend it for quick testing on various platforms and
>> screen
>> > sizes. I've found it a very useful tool, and not just because I work
>> for
>> > Intel now!
>> >
>> > 2. Can I assume that all mailing lists built by Mailman support the
>> REST
>> >> interface? Also, I have tried to see if I can get JSON responses and I
>> am
>> >> unable to by adding a HTTP Accept Header to take "application/json".
>> Am I
>> >> doing anything wrong or is JSON not implemented?
>> >>
>> >
>> > I don't know the answer to this off the top of my head: Barry?
>> >
>> >
>> > 3. As a starter, could I ignore internationalization for GSoC, but
>> >> implement interface in such a way as to be able to internationalize it
>> >> easily?
>> >>
>> >
>> > We don't expect you to actually translate anything, don't worry. :) But
>> > you should definitely build as much as possible so that
>> > internationalization will be easy: make sure there's a quick way to get
>> a
>> > list of strings that need translation, at least. Some of the strings
>> may
>> > be already translated in other components of Mailman, so you may be
>> able to
>> > get some translations to use to test if you have time at the end of the
>> > summer for internationalization.
>> >
>> > Terri
>> >
>> >
>>
>>
>> --
>> Bhargav Golla
>> M.S Computer Science
>> Github <http://www.github.com/bhargavgolla> |
>> LinkedIN<http://www.linkedin.com/in/bhargavgolla>
>> | Website <http://www.bhargavgolla.com/>
>> _______________________________________________
>> Mailman-Developers mailing list
>> Mailman-Developers(a)python.org
>> https://mail.python.org/mailman/listinfo/mailman-developers
>> Mailman FAQ: http://wiki.list.org/x/AgA3
>> Searchable Archives:
>> http://www.mail-archive.com/mailman-developers%40python.org/
>> Unsubscribe:
>> https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm…
>>
>> Security Policy: http://wiki.list.org/x/QIA9
>>
>
>
--
Bhargav Golla
M.S Computer Science
Github <http://www.github.com/bhargavgolla> |
LinkedIN<http://www.linkedin.com/in/bhargavgolla>
| Website <http://www.bhargavgolla.com/>
Abhilash Raj writes:
> Hi,I have a pretty good understand of the mailman core, I would
> love to co-mentor any project if I am allowed?
You're allowed. Lots of former students (and the occasional current
student as well!) are mentors.
Some of the following my sound harsh, and it is my private opinion; I
don't speak for Mailman or for GSoC. I expose it on this list because
there may be others lurking with the ambition to be a mentor, and
they're in similar situation to you in many ways.
I'm not opposed making you a formal mentor (that's not my decision,
but my opinion will surely be input to it), but I'm not very positive
right now. I have had only very sporadic contact with you since GSoC
last year. No explanations needed, it's just a fact, and it's two-
sided issue, anyway. I just want you to know where you stand -- it is
not a criticism of *you*, and it's not a "decision".
To be a formal mentor (and "get the stupid T-shirt" :-), you will need
to establish a presence with at least one, preferably several of the
current mentors. We need confidence that you'll be available to the
student when she/he gets in trouble. Not 100%, but a mentor or
co-mentor who doesn't contribute much and then disappears halfway is a
really bad thing, and we especially need confidence that you'll be
around at deadline time (there's no administrative difference between
mentor and co-mentor: both can edit the evaluation forms, both can see
the same student data), because you may need to do the evaluation if
your co-mentor is unavailable.
On the other hand, informally, if you want to mentor, just start.
<wink/> Your goal should be to make it clear that we can't dispense
with your advice on a project we want to implement. Then we *have* to
make you an official mentor! (I'm not sure if there's a deadline on
that.)
Of course "indispensible" is a *very* high standard, but the advice to
just start mentoring (on-list) is the best you're going to get. The
more of that you do, the better we know you. Including your faults --
having your faults known IS AN ADVANTAGE because that way we can give
you a good teammate who has strengths there!
Other things you can do: participate in the sprints at PyCon. Most of
the mentors will be sprinting. I can't go myself, but will
participate by IRC and email, and try to do work in advance so it's
easily available to the onsite sprinters.
Of course general development work, submitting patches, and discussing
them publicly is useful.
But in the end, the most effective path is to show that you *are* a
mentor, by doing it!
In general, what is missing from these "anonymization" proposals are
use cases, user stories which display the reasons for anonymity and the
definition of anonymity (for example, should repeated posts from a
given subscriber have the same "From" field or not?) For example, the
following organizations want a "fully anonymized" list:
1. An Alcoholics Anonymous meeting.
2. A therapy group for battered wives led by a professional therapist
(whose identity is known to all, and who knows all realspace
identities -- but maybe can't match them to list identities).
3. A corporate whistleblower/suggestion box.
4. A terrorist cell. (I'm not suggesting we should *care* about
serving these people well, and maybe we should try *not* to serve
them -- it's an intellectual exercise.)
5. A tax evaders users' group. (ditto)
How do their needs differ? How are they similar? How well does your
proposal serve their needs? I'm not too serious about that specific
list, individual students may or may not have experience and knowledge
of those use cases. But I would strongly prefer to work with a
student who thinks about these issues *explicitly* and *concretely* in
terms of use cases. In particular, it may seem obvious that we can't
protect the subscriber database against the site admin/root, but then
we have to give up on use case 3 above. Or do we?
These are hard, *hard*, HARD questions. Even Bruce Schneier (if you
don't know who he is, find out!) might not get the answers at first
try. I don't ask you to get the hard ones at all! But sometimes the
answer is obvious from just asking the question (use case 3 vs root
access), so you'd best ask some of those easy ones. :-)
About this specific proposal:
Kshitij Gupta writes:
> As I understand, we can do this in the following ways:
> 1. For each subscriber on the mailing list generate a random encryption and
> decryption key, which will be store in the database.
If the keys never leave the database, why not use symmetric
encryption? Why do different subscribers need different keys?
If they do leave the database, how are they distributed? How is the
distribution protected from the standard attacks (eg, man in the
middle)?
> 2. Everytime user sends the mail we can encrypt the email to a hash which
> will then be used as the pseudo id for the user. To do this we can either
> use salt (as in time) to ensure a new email id is generated everytime
I don't understand why you would ever want this, let alone why there
is a use case common enough to be worth implementing in Mailman.
That doesn't mean there isn't any, but please explain.
> or without salt which equivalently fixes a single id for the user.
> 3. From the email we can cleanup headers, converting the users timezone to
> a standard UTC timezone.
You also probably need to handle Message-ID specially.
> 4. We can also hash the users original email id and append it as a
> signature to sign the mail, ensuring the authenticity of mail in a
> conversation.
That's not how digital signatures are done, and only those with access
to a descryption key can check authenticity.
> 5. For replies, the person replying can respond to the message, the email
> address will then be decrypted by matching against the list of all
> decryption keys and matching the digest of the mail id for additional
> security and forwarding it to the intended user.
I'm not sure I understand the "additional security part." In any
case, if you have a "digest", why not use that as a unique key into
the user database, so that the actual decryption becomes an
authentication, and only needs to be done once?
> The above steps (in my understanding):
> 1. Will allow users to anonymously post to mailing lists.
Except that the site admin knows where to find each user. The site
admin had better be the only entity with such access.
> 2. Ensure nobody can pretend to be someone else in a thread via the
> personal salt.
But how about spoofing subscriptions? Do we care about that? What if
a user happens to know the address of another user, and spoofs that?
> 3. Allow users to communicate in threads and reply to each other.
> 4. Use a constant space for users in the database, at the cost of matching
> against multiple decryption keys and then checking against the hashed email.
Is constant space really an issue?
> Look forward to some feedback and hope to contribute to the mailman
> community.
>
> [1]- https://code.launchpad.net/apparmor-profile-tools , however the code
> was recently merged into the branch upstream at:
> https://code.launchpad.net/apparmor where development continues.
>
> Regards,
> Kshitij Gupta
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers(a)python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/stephen%40xemacs…
>
> Security Policy: http://wiki.list.org/x/QIA9
Hello,
I am Kshitij Gupta, an undergrad student in Computer Science and
Engineering at National Institute of Technology, Jamshedpur, India. I have
previously worked on AppArmor Profile Tools[1] in GSoC'13 for openSUSE and
have some experience with Python and bzr/launchpad. I have had little
exposure to workings of email and mail servers.
I have been looking at the project description and found the idea
particularly interesting as it will allow me learn about internal working
of mailman and also understand privacy aspects.
As I understand, we can do this in the following ways:
1. For each subscriber on the mailing list generate a random encryption and
decryption key, which will be store in the database.
2. Everytime user sends the mail we can encrypt the email to a hash which
will then be used as the pseudo id for the user. To do this we can either
use salt (as in time) to ensure a new email id is generated everytime or
without salt which equivalently fixes a single id for the user.
3. From the email we can cleanup headers, converting the users timezone to
a standard UTC timezone.
4. We can also hash the users original email id and append it as a
signature to sign the mail, ensuring the authenticity of mail in a
conversation.
5. For replies, the person replying can respond to the message, the email
address will then be decrypted by matching against the list of all
decryption keys and matching the digest of the mail id for additional
security and forwarding it to the intended user.
The above steps (in my understanding):
1. Will allow users to anonymously post to mailing lists.
2. Ensure nobody can pretend to be someone else in a thread via the
personal salt.
3. Allow users to communicate in threads and reply to each other.
4. Use a constant space for users in the database, at the cost of matching
against multiple decryption keys and then checking against the hashed email.
Look forward to some feedback and hope to contribute to the mailman
community.
[1]- https://code.launchpad.net/apparmor-profile-tools , however the code
was recently merged into the branch upstream at:
https://code.launchpad.net/apparmor where development continues.
Regards,
Kshitij Gupta
Tom Browder writes:
We really appreciate your efforts to test the betas of Mailman 3. But
please do be aware that although there are sites already successfully
using Mailman 3 in production, the development team doesn't recommend
use of any of the components (core, Postorius, HyperKitty) in
production yet.
> I have no idea what to do next,
Nothing. :-) I've already Cc'd (and set Reply-To to) mailman-developers,
which is a more appropriate place for this report. (Many Mailman-Users
are not interested in MM3 yet, while Mailman-Developers are by
definition, as MM2 is basically end-of-life. Also, some relevant
developers may read mailman-developers more frequently than they read
mailman-users.)
Actually, I do have a couple of ideas. First, you should always
report the whole error trace (if you think that's ugly in an email,
attach it as a file). In this particular case, I suspect that the
problem is in the test before the one that caused the Exception, which
failed leaving the database locked. It would be very helpful to
identify that test, which would probably be the *first* frame in the
trace.
Second, you should look in the server's logs to see if there were any
errors that might have caused the incomplete transaction.
> and help or ideas would be greatly appreciated.
If you have no idea, then reporting to the developers is the best you
can do. Use "Mailman Developers" <mailman-developers(a)python.org> or
report via Launchpad.
Pretty clearly what's happened is that some previous test locked the
database (probably anything that accesses the database does so at
least long enough to read the whole record), and either (1) that test
failed to unlock the database, (2) the test framework failed to unlock
the database, or (3) the tests were improperly sequenced in some way
and the database didn't get unlocked. It's quite possible that this
failure could never be replicated in actual use, as tests often mock
up some component that would normally ensure that any pending
transaction gets discarded and the database unlocked.
Unfortunately I don't have an up-to-date test installation (it's on my
list for early next week), and looking at the test file doesn't tell
me anything. Perhaps Barry has an idea for a fix, or a workaround.
And there's probably a way to skip that test, but I don't know nose
very well.
Steve
Original report follows:
> i have started investigating MM3 for my new, remote server and
> branched from lp:mailman, lp:postorius, and lp:hyperkitty.
>
> I started in the MM3 branch directory and followed instructions in
> src/mailman/docs/START.rst.
>
> I got the virtualenv ready to go and, in the local mailman branch
> directory, I executed:
>
> $ node2 -v
>
> All tests chug along nicely until:
>
> /usr/local/src/0-mailman3/src/mailman/rest/docs/membership.rst ...
>
> and it hangs longer than I think it should. After a <ctl-C> the last
> few trace-back lines are:
>
> File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py",
> line 374, in raw_execute
> self._run_execution(raw_cursor, args, params, statement)
> File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py",
> line 388, in _run_execution
> self._check_disconnect(raw_cursor.execute, *args)
> File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py",
> line 454, in _check_disconnect
> return function(*args, **kwargs)
> sqlite3.OperationalError: database is locked
>
> Note I am running the MM3 installation, via ssh, on a remote host
> running Debian 7, 32-bit. (Note also postfix is running.)
Hi,
I added a "Mentor List" (ie, roster) at the end of the project page,
and added (besides myself) Florian, Barry and Terri. I don't mind
having my address there (so added it) but didn't take liberties with
anybody else's mailbox.
Regards
hi guys,
I just added a link from "Sprints" to the GSoC 2014 page.
I have found it frustrating to see queries from interested students
about projects where I have no clue who the appropriate mentor might
be, and haven't seen any responses on-list. So ...
I took the liberty of adding a "Potential Mentors" line to each
project description, and adding myself to several of them. The rest
currently say to post here. I also noticed that the Handheld App
didn't have a Task Level, so I added it (as "unspecified").
I'm sure the currently signed-up mentors know what to do :-), but if
you're considering being a mentor for any of those projects, please do
add your name to the project on the wiki. At the very least your
input will be very valuable in finding an alternative.
If you're pretty sure you are willing and have time to mentor, do go
through the GSoC Melange process too. The more mentors we have signed
up, the better we look to the PSF (although they've been quite
generous to us in the past, every little bit helps -- intern slots are
scarce!)
Let's make this the best Mailman GSoC yet!
Steve