Hi all.
I have created a repository to keep the original proposal for this project, as well as the current working version and similar documentation / specs at:
https://gitlab.com/J08nY/pgpmailman-proposal
The repo contains up-to-date changes I propose to Mailman core to accommodate an encrypted lists plugin as well as other possible future plugins (in core_changes.md). It also contains a current working sketch of the plugin (in plugin.md). Comments are very much appreciated.
I wrote a post on the current issues I am facing in integrating the encrypted lists plugin with Postorius and HyperKitty:
https://neuromancer.sk/article/4
# Integrating with Postorius and HyperKitty
Since a plugin-like out-of-tree approach is required for implementing encrypted lists into Mailman, a straightforward integration into Postorius and HyperKitty (as first proposed) by making them "aware" of the encrypted lists plugin is not possible.
Thus a new approach for providing their functionality and conforming to the project requirements is necessary. I see three possible pathways forward and a middle-ground between them.
## Standalone Django app
A new Django app will be created, using django-mailman3 as a base, that will implement all the web-based functionality for encrypted mailing lists, such as:
- Displaying the List key for all public encrypted mailing lists.
- List key management for list admins
- User key management
- Encrypted archives, that are server unencrypted (effectively replaces HyperKitty for encrypted lists)
This app will then be run beside Postorius.
## A fork/patchset approach
This approach will create a fork of Postorius and HyperKitty that will integrate changes necessary for the encrypted lists plugin seamlessly. Thus users wanting to use encrypted mailing lists will have to set up Postorius and HyperKitty from this fork.
## Wrenching it in
This approach tries to integrate all of the functionality using configurable options of Postorius and HyperKitty. For example, storing messages encrypted could be done via a custom django.db.backend. Receiving messages encrypted could be done via a small custom Django app that will receive them, decrypt them and pass them to HyperKitty decrypted.
## A middle-ground
Somewhat of a middle ground seems to be most sensible. A standalone app will be necessary to provide functionality that is simply not possible to be integrated into Postorius and HyperKitty sensibly. This app will mostly provide key management (user and list), receive the messages encrypted and so on. However, Postorius and HyperKitty will work with as little "wrenching it in" as possible.
Cheers,
Jan
   /\     # PGP: 362056ADA8F2F4E421565EF87F4A448FE68F329D
  /__\    # https://neuromancer.sk
 /\  /\   # Eastern Seaboard Phishing Authority
/__\/__\  #