Mailman-Developers March 2014

mailman-developers@python.org

27 participants
69 discussions

Re: [Mailman-Developers] [GSoC 2014] Cordova/Android App for GNU Mailman Admin Interface

by Barry Warsaw

On Mar 05, 2014, at 09:06 AM, Bhargav Golla wrote: >files in mailman, I found that the default username and password for admin >is restadmin and restpass. Tried that and was out of luck there too. Could >you help me with the default username and password details? That's only the default username and password for the privileged admin REST API in the core. The web ui uses that to speak to the core, but if you're connecting to the web ui, that username and password won't be exposed. -Barry

7 years, 10 months

Re: [Mailman-Developers] [GSoC 2014] Cordova/Android App for GNU Mailman Admin Interface

by Rajeev S

Hi Bhargav, You will be asked whether to *add a superuser* during *syncdb*. If you answered no to that, do *python manage.py createsuperuser * and use that username and password to login. *Regards,Rajeev S* *Government Engineering College,Thrissur* *http://rajeevs.tk <http://rajeevs.tk>* On Wed, Mar 5, 2014 at 8:05 PM, Bhargav Golla <bgolla(a)g.clemson.edu> wrote: > Hi Abhilash > > If you mean the last step of installation where we do cd > postorius_standalone;python manage.py syncdb, I wasn't asked for any > username/password. I checked the settings.py and it doesn't have any > specific default username/password. > > And the http://localhost:8001/3.0 worked for me. > > > On Wed, Mar 5, 2014 at 9:22 AM, Abhilash Raj <raj.abhilash1(a)gmail.com > >wrote: > > > Hi Bhargav, > > > > On Wednesday 05 March 2014 07:36 PM, Bhargav Golla wrote: > > > Thanks for that change Rajeev. I was able to get the Web UI up and > > running. > > > I was trying to find out the default Username and password for this but > > was > > > unable to. When I was exploring docs in mailman.client and some config > > > files in mailman, I found that the default username and password for > > admin > > > is restadmin and restpass. Tried that and was out of luck there too. > > Could > > > you help me with the default username and password details? > > > > While setting up Postorius(the web UI) when you do 'python manage.py > > syncdb' for the first time, it asks you to create admin. You can log in > > using those credentials. 'restadmin' and 'restpass' are the credentials > > for the mailman rest server. > > > > > Also, there is a using.txt doc in mailman.client which says we can make > > the > > > REST requests by connecting to http://localhost:9001/3.0 using > username > > and > > > password. Should the URL be http://localhost:9000/3.0 for this example > > or > > > would it be any different? > > > > AFAIK it is 'http://localhost:8001/3.0'. (Try it once. If I am wrong > > please someone correct me) > > > > > > > > Thanks > > > > > > > > > On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com> > wrote: > > > > > >> Hi Bhargav, > > >> > > >> Just do *mailman start*, without the bin. > > >> > > >> I have edited the wiki. > > >> > > >> > > >> *Regards, Rajeev S* > > >> *Government Engineering College,Thrissur* > > >> *http://rajeevs.tk <http://rajeevs.tk>* > > >> > > >> > > >> On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu > > >wrote: > > >> > > >>> Thanks Barry and Terri for your feedback. > > >>> I was trying to install Postorius locally and analyze what all would > be > > >>> required in a mobile app for Admin. Doing the same, I have hit a > > >>> roadblock. > > >>> I am using the wiki provided here[1]. I tried to install mailman > using > > >>> "set > > >>> up sources" part of the wiki. Though python setup.py install executes > > >>> without any errors, I am unable to see the folder bin/ in the same > > >>> directory. So, even though I proceed with further setup, I am > getting a > > >>> "Mailman REST API not available. Please start mailman core" on my > > >>> localhost:8000 webpage. Could anyone help me here? > > >>> > > >>> [1] > > >>> > > >>> > > > http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI… > > >>> > > >>> Thanks > > >>> > > >>> > > >>> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote: > > >>> > > >>>> > > >>>> On 2014-02-28, 7:36 AM, Bhargav Golla wrote: > > >>>> > > >>>>> I have a few questions regarding this idea. > > >>>>> 1. I intend to develop it on Cordova since it will help in porting > > the > > >>> app > > >>>>> easily to multiple platforms. Were there any ideas in this > directions > > >>>>> regarding going native or hybrid? > > >>>>> > > >>>> > > >>>> Personally, I'd prefer if we went hybrid and had an html5 webapp > that > > >>>> could be used straight over the web for mobile users who don't want > to > > >>>> install an app, with Cordova used to build the individual platform > > >>> apps. I > > >>>> may not be the mentor on this one, though, so I'm happy to defer to > > >>> whoever > > >>>> the final mentor is on this front. > > >>>> > > >>>> Incidentally, I've been using Intel's XDK for building Cordova apps > > >>> lately > > >>>> and highly recommend it for quick testing on various platforms and > > >>> screen > > >>>> sizes. I've found it a very useful tool, and not just because I > work > > >>> for > > >>>> Intel now! > > >>>> > > >>>> 2. Can I assume that all mailing lists built by Mailman support the > > >>> REST > > >>>>> interface? Also, I have tried to see if I can get JSON responses > and > > I > > >>> am > > >>>>> unable to by adding a HTTP Accept Header to take > "application/json". > > >>> Am I > > >>>>> doing anything wrong or is JSON not implemented? > > >>>>> > > >>>> > > >>>> I don't know the answer to this off the top of my head: Barry? > > >>>> > > >>>> > > >>>> 3. As a starter, could I ignore internationalization for GSoC, but > > >>>>> implement interface in such a way as to be able to internationalize > > it > > >>>>> easily? > > >>>>> > > >>>> > > >>>> We don't expect you to actually translate anything, don't worry. :) > > But > > >>>> you should definitely build as much as possible so that > > >>>> internationalization will be easy: make sure there's a quick way to > > get > > >>> a > > >>>> list of strings that need translation, at least. Some of the > strings > > >>> may > > >>>> be already translated in other components of Mailman, so you may be > > >>> able to > > >>>> get some translations to use to test if you have time at the end of > > the > > >>>> summer for internationalization. > > >>>> > > >>>> Terri > > >>>> > > >>>> > > >>> > > >>> > > >>> -- > > >>> Bhargav Golla > > >>> M.S Computer Science > > >>> Github <http://www.github.com/bhargavgolla> | > > >>> LinkedIN<http://www.linkedin.com/in/bhargavgolla> > > >>> | Website <http://www.bhargavgolla.com/> > > >>> _______________________________________________ > > >>> Mailman-Developers mailing list > > >>> Mailman-Developers(a)python.org > > >>> https://mail.python.org/mailman/listinfo/mailman-developers > > >>> Mailman FAQ: http://wiki.list.org/x/AgA3 > > >>> Searchable Archives: > > >>> http://www.mail-archive.com/mailman-developers%40python.org/ > > >>> Unsubscribe: > > >>> > > > https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm… > > >>> > > >>> Security Policy: http://wiki.list.org/x/QIA9 > > >>> > > >> > > >> > > > > > > > > > > -- > > Abhilash Raj > > > > > > > -- > Bhargav Golla > M.S Computer Science > Github <http://www.github.com/bhargavgolla> | > LinkedIN<http://www.linkedin.com/in/bhargavgolla> > | Website <http://www.bhargavgolla.com/> > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers(a)python.org > https://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm… > > Security Policy: http://wiki.list.org/x/QIA9 >

7 years, 10 months

Re: [Mailman-Developers] [GSoC 2014] Cordova/Android App for GNU Mailman Admin Interface

by Bhargav Golla

Hi Abhilash If you mean the last step of installation where we do cd postorius_standalone;python manage.py syncdb, I wasn't asked for any username/password. I checked the settings.py and it doesn't have any specific default username/password. And the http://localhost:8001/3.0 worked for me. On Wed, Mar 5, 2014 at 9:22 AM, Abhilash Raj <raj.abhilash1(a)gmail.com>wrote: > Hi Bhargav, > > On Wednesday 05 March 2014 07:36 PM, Bhargav Golla wrote: > > Thanks for that change Rajeev. I was able to get the Web UI up and > running. > > I was trying to find out the default Username and password for this but > was > > unable to. When I was exploring docs in mailman.client and some config > > files in mailman, I found that the default username and password for > admin > > is restadmin and restpass. Tried that and was out of luck there too. > Could > > you help me with the default username and password details? > > While setting up Postorius(the web UI) when you do 'python manage.py > syncdb' for the first time, it asks you to create admin. You can log in > using those credentials. 'restadmin' and 'restpass' are the credentials > for the mailman rest server. > > > Also, there is a using.txt doc in mailman.client which says we can make > the > > REST requests by connecting to http://localhost:9001/3.0 using username > and > > password. Should the URL be http://localhost:9000/3.0 for this example > or > > would it be any different? > > AFAIK it is 'http://localhost:8001/3.0'. (Try it once. If I am wrong > please someone correct me) > > > > > Thanks > > > > > > On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com> wrote: > > > >> Hi Bhargav, > >> > >> Just do *mailman start*, without the bin. > >> > >> I have edited the wiki. > >> > >> > >> *Regards, Rajeev S* > >> *Government Engineering College,Thrissur* > >> *http://rajeevs.tk <http://rajeevs.tk>* > >> > >> > >> On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu > >wrote: > >> > >>> Thanks Barry and Terri for your feedback. > >>> I was trying to install Postorius locally and analyze what all would be > >>> required in a mobile app for Admin. Doing the same, I have hit a > >>> roadblock. > >>> I am using the wiki provided here[1]. I tried to install mailman using > >>> "set > >>> up sources" part of the wiki. Though python setup.py install executes > >>> without any errors, I am unable to see the folder bin/ in the same > >>> directory. So, even though I proceed with further setup, I am getting a > >>> "Mailman REST API not available. Please start mailman core" on my > >>> localhost:8000 webpage. Could anyone help me here? > >>> > >>> [1] > >>> > >>> > http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI… > >>> > >>> Thanks > >>> > >>> > >>> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote: > >>> > >>>> > >>>> On 2014-02-28, 7:36 AM, Bhargav Golla wrote: > >>>> > >>>>> I have a few questions regarding this idea. > >>>>> 1. I intend to develop it on Cordova since it will help in porting > the > >>> app > >>>>> easily to multiple platforms. Were there any ideas in this directions > >>>>> regarding going native or hybrid? > >>>>> > >>>> > >>>> Personally, I'd prefer if we went hybrid and had an html5 webapp that > >>>> could be used straight over the web for mobile users who don't want to > >>>> install an app, with Cordova used to build the individual platform > >>> apps. I > >>>> may not be the mentor on this one, though, so I'm happy to defer to > >>> whoever > >>>> the final mentor is on this front. > >>>> > >>>> Incidentally, I've been using Intel's XDK for building Cordova apps > >>> lately > >>>> and highly recommend it for quick testing on various platforms and > >>> screen > >>>> sizes. I've found it a very useful tool, and not just because I work > >>> for > >>>> Intel now! > >>>> > >>>> 2. Can I assume that all mailing lists built by Mailman support the > >>> REST > >>>>> interface? Also, I have tried to see if I can get JSON responses and > I > >>> am > >>>>> unable to by adding a HTTP Accept Header to take "application/json". > >>> Am I > >>>>> doing anything wrong or is JSON not implemented? > >>>>> > >>>> > >>>> I don't know the answer to this off the top of my head: Barry? > >>>> > >>>> > >>>> 3. As a starter, could I ignore internationalization for GSoC, but > >>>>> implement interface in such a way as to be able to internationalize > it > >>>>> easily? > >>>>> > >>>> > >>>> We don't expect you to actually translate anything, don't worry. :) > But > >>>> you should definitely build as much as possible so that > >>>> internationalization will be easy: make sure there's a quick way to > get > >>> a > >>>> list of strings that need translation, at least. Some of the strings > >>> may > >>>> be already translated in other components of Mailman, so you may be > >>> able to > >>>> get some translations to use to test if you have time at the end of > the > >>>> summer for internationalization. > >>>> > >>>> Terri > >>>> > >>>> > >>> > >>> > >>> -- > >>> Bhargav Golla > >>> M.S Computer Science > >>> Github <http://www.github.com/bhargavgolla> | > >>> LinkedIN<http://www.linkedin.com/in/bhargavgolla> > >>> | Website <http://www.bhargavgolla.com/> > >>> _______________________________________________ > >>> Mailman-Developers mailing list > >>> Mailman-Developers(a)python.org > >>> https://mail.python.org/mailman/listinfo/mailman-developers > >>> Mailman FAQ: http://wiki.list.org/x/AgA3 > >>> Searchable Archives: > >>> http://www.mail-archive.com/mailman-developers%40python.org/ > >>> Unsubscribe: > >>> > https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm… > >>> > >>> Security Policy: http://wiki.list.org/x/QIA9 > >>> > >> > >> > > > > > > -- > Abhilash Raj > > -- Bhargav Golla M.S Computer Science Github <http://www.github.com/bhargavgolla> | LinkedIN<http://www.linkedin.com/in/bhargavgolla> | Website <http://www.bhargavgolla.com/>

7 years, 10 months

Re: [Mailman-Developers] [GSoC 2014] Cordova/Android App for GNU Mailman Admin Interface

by Bhargav Golla

Thanks for that change Rajeev. I was able to get the Web UI up and running. I was trying to find out the default Username and password for this but was unable to. When I was exploring docs in mailman.client and some config files in mailman, I found that the default username and password for admin is restadmin and restpass. Tried that and was out of luck there too. Could you help me with the default username and password details? Also, there is a using.txt doc in mailman.client which says we can make the REST requests by connecting to http://localhost:9001/3.0 using username and password. Should the URL be http://localhost:9000/3.0 for this example or would it be any different? Thanks On Mon, Mar 3, 2014 at 1:38 PM, Rajeev S <rajeevs1992(a)gmail.com> wrote: > Hi Bhargav, > > Just do *mailman start*, without the bin. > > I have edited the wiki. > > > *Regards, Rajeev S* > *Government Engineering College,Thrissur* > *http://rajeevs.tk <http://rajeevs.tk>* > > > On Mon, Mar 3, 2014 at 10:37 PM, Bhargav Golla <bgolla(a)g.clemson.edu>wrote: > >> Thanks Barry and Terri for your feedback. >> I was trying to install Postorius locally and analyze what all would be >> required in a mobile app for Admin. Doing the same, I have hit a >> roadblock. >> I am using the wiki provided here[1]. I tried to install mailman using >> "set >> up sources" part of the wiki. Though python setup.py install executes >> without any errors, I am unable to see the folder bin/ in the same >> directory. So, even though I proceed with further setup, I am getting a >> "Mailman REST API not available. Please start mailman core" on my >> localhost:8000 webpage. Could anyone help me here? >> >> [1] >> >> http://wiki.list.org/display/DEV/A+5+minute+guide+to+get+the+Mailman+web+UI… >> >> Thanks >> >> >> On Sun, Mar 2, 2014 at 1:18 AM, Terri Oda <terri(a)toybox.ca> wrote: >> >> > >> > On 2014-02-28, 7:36 AM, Bhargav Golla wrote: >> > >> >> I have a few questions regarding this idea. >> >> 1. I intend to develop it on Cordova since it will help in porting the >> app >> >> easily to multiple platforms. Were there any ideas in this directions >> >> regarding going native or hybrid? >> >> >> > >> > Personally, I'd prefer if we went hybrid and had an html5 webapp that >> > could be used straight over the web for mobile users who don't want to >> > install an app, with Cordova used to build the individual platform >> apps. I >> > may not be the mentor on this one, though, so I'm happy to defer to >> whoever >> > the final mentor is on this front. >> > >> > Incidentally, I've been using Intel's XDK for building Cordova apps >> lately >> > and highly recommend it for quick testing on various platforms and >> screen >> > sizes. I've found it a very useful tool, and not just because I work >> for >> > Intel now! >> > >> > 2. Can I assume that all mailing lists built by Mailman support the >> REST >> >> interface? Also, I have tried to see if I can get JSON responses and I >> am >> >> unable to by adding a HTTP Accept Header to take "application/json". >> Am I >> >> doing anything wrong or is JSON not implemented? >> >> >> > >> > I don't know the answer to this off the top of my head: Barry? >> > >> > >> > 3. As a starter, could I ignore internationalization for GSoC, but >> >> implement interface in such a way as to be able to internationalize it >> >> easily? >> >> >> > >> > We don't expect you to actually translate anything, don't worry. :) But >> > you should definitely build as much as possible so that >> > internationalization will be easy: make sure there's a quick way to get >> a >> > list of strings that need translation, at least. Some of the strings >> may >> > be already translated in other components of Mailman, so you may be >> able to >> > get some translations to use to test if you have time at the end of the >> > summer for internationalization. >> > >> > Terri >> > >> > >> >> >> -- >> Bhargav Golla >> M.S Computer Science >> Github <http://www.github.com/bhargavgolla> | >> LinkedIN<http://www.linkedin.com/in/bhargavgolla> >> | Website <http://www.bhargavgolla.com/> >> _______________________________________________ >> Mailman-Developers mailing list >> Mailman-Developers(a)python.org >> https://mail.python.org/mailman/listinfo/mailman-developers >> Mailman FAQ: http://wiki.list.org/x/AgA3 >> Searchable Archives: >> http://www.mail-archive.com/mailman-developers%40python.org/ >> Unsubscribe: >> https://mail.python.org/mailman/options/mailman-developers/rajeevs1992%40gm… >> >> Security Policy: http://wiki.list.org/x/QIA9 >> > > -- Bhargav Golla M.S Computer Science Github <http://www.github.com/bhargavgolla> | LinkedIN<http://www.linkedin.com/in/bhargavgolla> | Website <http://www.bhargavgolla.com/>

7 years, 10 months

Re: [Mailman-Developers] Mentor list on project page

by Stephen J. Turnbull

Abhilash Raj writes: > Hi,I have a pretty good understand of the mailman core, I would > love to co-mentor any project if I am allowed? You're allowed. Lots of former students (and the occasional current student as well!) are mentors. Some of the following my sound harsh, and it is my private opinion; I don't speak for Mailman or for GSoC. I expose it on this list because there may be others lurking with the ambition to be a mentor, and they're in similar situation to you in many ways. I'm not opposed making you a formal mentor (that's not my decision, but my opinion will surely be input to it), but I'm not very positive right now. I have had only very sporadic contact with you since GSoC last year. No explanations needed, it's just a fact, and it's two- sided issue, anyway. I just want you to know where you stand -- it is not a criticism of *you*, and it's not a "decision". To be a formal mentor (and "get the stupid T-shirt" :-), you will need to establish a presence with at least one, preferably several of the current mentors. We need confidence that you'll be available to the student when she/he gets in trouble. Not 100%, but a mentor or co-mentor who doesn't contribute much and then disappears halfway is a really bad thing, and we especially need confidence that you'll be around at deadline time (there's no administrative difference between mentor and co-mentor: both can edit the evaluation forms, both can see the same student data), because you may need to do the evaluation if your co-mentor is unavailable. On the other hand, informally, if you want to mentor, just start. <wink/> Your goal should be to make it clear that we can't dispense with your advice on a project we want to implement. Then we *have* to make you an official mentor! (I'm not sure if there's a deadline on that.) Of course "indispensible" is a *very* high standard, but the advice to just start mentoring (on-list) is the best you're going to get. The more of that you do, the better we know you. Including your faults -- having your faults known IS AN ADVANTAGE because that way we can give you a good teammate who has strengths there! Other things you can do: participate in the sprints at PyCon. Most of the mentors will be sprinting. I can't go myself, but will participate by IRC and email, and try to do work in advance so it's easily available to the onsite sprinters. Of course general development work, submitting patches, and discussing them publicly is useful. But in the end, the most effective path is to show that you *are* a mentor, by doing it!

7 years, 10 months

[GSoC14] Full Anonymization Project Idea

by Stephen J. Turnbull

In general, what is missing from these "anonymization" proposals are use cases, user stories which display the reasons for anonymity and the definition of anonymity (for example, should repeated posts from a given subscriber have the same "From" field or not?) For example, the following organizations want a "fully anonymized" list: 1. An Alcoholics Anonymous meeting. 2. A therapy group for battered wives led by a professional therapist (whose identity is known to all, and who knows all realspace identities -- but maybe can't match them to list identities). 3. A corporate whistleblower/suggestion box. 4. A terrorist cell. (I'm not suggesting we should *care* about serving these people well, and maybe we should try *not* to serve them -- it's an intellectual exercise.) 5. A tax evaders users' group. (ditto) How do their needs differ? How are they similar? How well does your proposal serve their needs? I'm not too serious about that specific list, individual students may or may not have experience and knowledge of those use cases. But I would strongly prefer to work with a student who thinks about these issues *explicitly* and *concretely* in terms of use cases. In particular, it may seem obvious that we can't protect the subscriber database against the site admin/root, but then we have to give up on use case 3 above. Or do we? These are hard, *hard*, HARD questions. Even Bruce Schneier (if you don't know who he is, find out!) might not get the answers at first try. I don't ask you to get the hard ones at all! But sometimes the answer is obvious from just asking the question (use case 3 vs root access), so you'd best ask some of those easy ones. :-) About this specific proposal: Kshitij Gupta writes: > As I understand, we can do this in the following ways: > 1. For each subscriber on the mailing list generate a random encryption and > decryption key, which will be store in the database. If the keys never leave the database, why not use symmetric encryption? Why do different subscribers need different keys? If they do leave the database, how are they distributed? How is the distribution protected from the standard attacks (eg, man in the middle)? > 2. Everytime user sends the mail we can encrypt the email to a hash which > will then be used as the pseudo id for the user. To do this we can either > use salt (as in time) to ensure a new email id is generated everytime I don't understand why you would ever want this, let alone why there is a use case common enough to be worth implementing in Mailman. That doesn't mean there isn't any, but please explain. > or without salt which equivalently fixes a single id for the user. > 3. From the email we can cleanup headers, converting the users timezone to > a standard UTC timezone. You also probably need to handle Message-ID specially. > 4. We can also hash the users original email id and append it as a > signature to sign the mail, ensuring the authenticity of mail in a > conversation. That's not how digital signatures are done, and only those with access to a descryption key can check authenticity. > 5. For replies, the person replying can respond to the message, the email > address will then be decrypted by matching against the list of all > decryption keys and matching the digest of the mail id for additional > security and forwarding it to the intended user. I'm not sure I understand the "additional security part." In any case, if you have a "digest", why not use that as a unique key into the user database, so that the actual decryption becomes an authentication, and only needs to be done once? > The above steps (in my understanding): > 1. Will allow users to anonymously post to mailing lists. Except that the site admin knows where to find each user. The site admin had better be the only entity with such access. > 2. Ensure nobody can pretend to be someone else in a thread via the > personal salt. But how about spoofing subscriptions? Do we care about that? What if a user happens to know the address of another user, and spoofs that? > 3. Allow users to communicate in threads and reply to each other. > 4. Use a constant space for users in the database, at the cost of matching > against multiple decryption keys and then checking against the hashed email. Is constant space really an issue? > Look forward to some feedback and hope to contribute to the mailman > community. > > [1]- https://code.launchpad.net/apparmor-profile-tools , however the code > was recently merged into the branch upstream at: > https://code.launchpad.net/apparmor where development continues. > > Regards, > Kshitij Gupta > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers(a)python.org > https://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/stephen%40xemacs… > > Security Policy: http://wiki.list.org/x/QIA9

7 years, 10 months

[GSoC14] Full Anonymization Project Idea

by Kshitij Gupta

Hello, I am Kshitij Gupta, an undergrad student in Computer Science and Engineering at National Institute of Technology, Jamshedpur, India. I have previously worked on AppArmor Profile Tools[1] in GSoC'13 for openSUSE and have some experience with Python and bzr/launchpad. I have had little exposure to workings of email and mail servers. I have been looking at the project description and found the idea particularly interesting as it will allow me learn about internal working of mailman and also understand privacy aspects. As I understand, we can do this in the following ways: 1. For each subscriber on the mailing list generate a random encryption and decryption key, which will be store in the database. 2. Everytime user sends the mail we can encrypt the email to a hash which will then be used as the pseudo id for the user. To do this we can either use salt (as in time) to ensure a new email id is generated everytime or without salt which equivalently fixes a single id for the user. 3. From the email we can cleanup headers, converting the users timezone to a standard UTC timezone. 4. We can also hash the users original email id and append it as a signature to sign the mail, ensuring the authenticity of mail in a conversation. 5. For replies, the person replying can respond to the message, the email address will then be decrypted by matching against the list of all decryption keys and matching the digest of the mail id for additional security and forwarding it to the intended user. The above steps (in my understanding): 1. Will allow users to anonymously post to mailing lists. 2. Ensure nobody can pretend to be someone else in a thread via the personal salt. 3. Allow users to communicate in threads and reply to each other. 4. Use a constant space for users in the database, at the cost of matching against multiple decryption keys and then checking against the hashed email. Look forward to some feedback and hope to contribute to the mailman community. [1]- https://code.launchpad.net/apparmor-profile-tools , however the code was recently merged into the branch upstream at: https://code.launchpad.net/apparmor where development continues. Regards, Kshitij Gupta

7 years, 10 months

[Mailman-Users] MM3 Test "" Hangs

by Stephen J. Turnbull

Tom Browder writes: We really appreciate your efforts to test the betas of Mailman 3. But please do be aware that although there are sites already successfully using Mailman 3 in production, the development team doesn't recommend use of any of the components (core, Postorius, HyperKitty) in production yet. > I have no idea what to do next, Nothing. :-) I've already Cc'd (and set Reply-To to) mailman-developers, which is a more appropriate place for this report. (Many Mailman-Users are not interested in MM3 yet, while Mailman-Developers are by definition, as MM2 is basically end-of-life. Also, some relevant developers may read mailman-developers more frequently than they read mailman-users.) Actually, I do have a couple of ideas. First, you should always report the whole error trace (if you think that's ugly in an email, attach it as a file). In this particular case, I suspect that the problem is in the test before the one that caused the Exception, which failed leaving the database locked. It would be very helpful to identify that test, which would probably be the *first* frame in the trace. Second, you should look in the server's logs to see if there were any errors that might have caused the incomplete transaction. > and help or ideas would be greatly appreciated. If you have no idea, then reporting to the developers is the best you can do. Use "Mailman Developers" <mailman-developers(a)python.org> or report via Launchpad. Pretty clearly what's happened is that some previous test locked the database (probably anything that accesses the database does so at least long enough to read the whole record), and either (1) that test failed to unlock the database, (2) the test framework failed to unlock the database, or (3) the tests were improperly sequenced in some way and the database didn't get unlocked. It's quite possible that this failure could never be replicated in actual use, as tests often mock up some component that would normally ensure that any pending transaction gets discarded and the database unlocked. Unfortunately I don't have an up-to-date test installation (it's on my list for early next week), and looking at the test file doesn't tell me anything. Perhaps Barry has an idea for a fix, or a workaround. And there's probably a way to skip that test, but I don't know nose very well. Steve Original report follows: > i have started investigating MM3 for my new, remote server and > branched from lp:mailman, lp:postorius, and lp:hyperkitty. > > I started in the MM3 branch directory and followed instructions in > src/mailman/docs/START.rst. > > I got the virtualenv ready to go and, in the local mailman branch > directory, I executed: > > $ node2 -v > > All tests chug along nicely until: > > /usr/local/src/0-mailman3/src/mailman/rest/docs/membership.rst ... > > and it hangs longer than I think it should. After a <ctl-C> the last > few trace-back lines are: > > File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py", > line 374, in raw_execute > self._run_execution(raw_cursor, args, params, statement) > File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py", > line 388, in _run_execution > self._check_disconnect(raw_cursor.execute, *args) > File "/home/virtualenvs/mm3/local/lib/python2.7/site-packages/storm-0.20-py2.7-linux-i686.egg/storm/database.py", > line 454, in _check_disconnect > return function(*args, **kwargs) > sqlite3.OperationalError: database is locked > > Note I am running the MM3 installation, via ssh, on a remote host > running Debian 7, 32-bit. (Note also postfix is running.)

7 years, 10 months

Mentor list on project page

by Stephen J. Turnbull

Hi, I added a "Mentor List" (ie, roster) at the end of the project page, and added (besides myself) Florian, Barry and Terri. I don't mind having my address there (so added it) but didn't take liberties with anybody else's mailbox. Regards

7 years, 10 months

Wiki edits for GSoC 2014

by Stephen J. Turnbull

hi guys, I just added a link from "Sprints" to the GSoC 2014 page. I have found it frustrating to see queries from interested students about projects where I have no clue who the appropriate mentor might be, and haven't seen any responses on-list. So ... I took the liberty of adding a "Potential Mentors" line to each project description, and adding myself to several of them. The rest currently say to post here. I also noticed that the Handheld App didn't have a Task Level, so I added it (as "unspecified"). I'm sure the currently signed-up mentors know what to do :-), but if you're considering being a mentor for any of those projects, please do add your name to the project on the wiki. At the very least your input will be very valuable in finding an alternative. If you're pretty sure you are willing and have time to mentor, do go through the GSoC Melange process too. The more mentors we have signed up, the better we look to the PSF (although they've been quite generous to us in the past, every little bit helps -- intern slots are scarce!) Let's make this the best Mailman GSoC yet! Steve

7 years, 10 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

Mailman-Developers March 2014