On Mon, Oct 7, 2019, at 5:37 PM, Mark Sapiro wrote:
On 10/6/19 10:11 AM, Abhilash Raj wrote:
I am hoping that I can commit the change with the commented out code, unless I am reminded of a use for the passwords in Core's database. Then, it might be a bit more of work trying to figure out another way to improve the speed.
I'm not at all sure what's actually implemented, but there is a feature for pre-approving a post with an Approved: header with a password. This is also supposed to work to approve held posts, but approving/discarding held posts by email is broken anyway[1].
Lists have a moderator_password attribute which is an encrypted version of a plain text password that can be used for this purpose, but the original intent IIRC was that this could be the password of the user sending the mail and would be accepted if the user was an owner or moderator. As I said, I'm not sure (don't think) this is implemented, and a much better approach is to abandon the Approved: header in favor of a pgp signature from an owner/moderator.
That's correct, it does seem to be implemented today but using the moderator password.
I agree that it is better implemented using gpg signatures instead of passwords.
The other possible use for this password is if a user imported by import21 wants to authenticate to Django, she might be able to use this password. I don't think that's the case now.
I don't think we should be doing this, it is better than the migration allows for a new more secure password than re-using old ones, which have been sent out over email in past.
It is tricky how multiple-password world get translated to single-password world, it makes the final password somewhat non-deterministic, depending on what the last mailing list imported was, which does not sound right anyway.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-Developers mailing list -- mailman-developers@python.org To unsubscribe send an email to mailman-developers-leave@python.org https://mail.python.org/mailman3/lists/mailman-developers.python.org/ Mailman FAQ: https://wiki.list.org/x/AgA3
Security Policy: https://wiki.list.org/x/QIA9
-- thanks, Abhilash Raj (maxking)