On Mar 23, 2009, at 10:55 AM, Patrick Ben Koetter wrote:
> Yes. It keeps everything in one place. I would have to work around the
> freemind mindmap flash fancy stuff though, which I've just fallen in
> love with. But let's not let this get in the way.
>
> How do we do it? Do I get write access to Mailman wiki?

You should have write access just by virtue of having an account on
the wiki. There are only a few pages that aren't generally writable
by every logged in user. If you're having a problem with a specific
page, let me know.

> We've thought about different client technologies too. That's the
> client technology part I wrote about in the wiki.
>
> What we didn't discuss was fully authenticated access for the REST
> server by design. If I understand this correctly then any party that is
> able to communicate with the REST server will have full admin access to
> Mailman's data model.
>
> In other words: It's upon any REST client to protect the REST
> server from abuse.

That's basically correct.

> I feel a little uneasy not having the server control that itself
> unless we find a good way to control who may connect to the server or the
> server is able to identify valid clients by some client identity (ACL).

It depends on whether we view the REST API as a user feature or an
admin interface. I've always thought about it as the latter, but I'm
open to other opinions. OTOH, I think there's a lot of functionality
that a privileged process could need, that the general public won't
need at all. Another way to think about it is that there doesn't need
to be just one REST API.

What this means though is that when you deploy Mailman's REST
interface, you must take care to protect it. You wouldn't want to expose it
to the internet for example. You'd want to make sure that its interface is
accessible only via your data center, or via localhost if you were
running a turnkey standalone system.

> I was thinking of TLS client/server authentication for open
> networks. Not that I have spent time yet to find out if Python (REST)
> tools provide such functionality - I am sure it does, but given my low Python
> experience, I'd rather verify...

I'm not sure about this either.

Barry
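
The two deployment options raised in this message (bind the unauthenticated admin API to localhost, or require TLS client certificates on an open network) can be enforced at startup with Python's standard `ssl` and `ipaddress` modules. This is an added example, not part of the original message and not Mailman's code; the function names `classify_bind` and `server_tls_context` are hypothetical, and the certificate paths are supplied by the caller.

```python
import ipaddress
import ssl


def classify_bind(host):
    """Classify a literal IP bind address as loopback, private or public."""
    addr = ipaddress.ip_address(host)  # raises ValueError for hostnames
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:
        # 0.0.0.0 / :: listen on every interface, so treat as exposed.
        return "public"
    return "private" if addr.is_private else "public"


def server_tls_context(host, cert=None, key=None, client_ca=None):
    """Return None for a loopback bind, else a context that demands a
    client certificate signed by client_ca (mutual TLS)."""
    if classify_bind(host) == "loopback":
        return None
    if not (cert and key and client_ca):
        raise ValueError(
            f"{host} is reachable off-host: refusing to serve an "
            "unauthenticated admin API without mutual TLS")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert, keyfile=key)  # server identity
    ctx.load_verify_locations(cafile=client_ca)      # CA issuing client certs
    ctx.verify_mode = ssl.CERT_REQUIRED              # no client cert, no handshake
    return ctx


if __name__ == "__main__":
    # Constructed sample addresses, no certificate material supplied.
    for host in ("127.0.0.1", "10.0.0.5", "0.0.0.0"):
        kind = classify_bind(host)
        try:
            ctx = server_tls_context(host)
            print(host, kind, "plain HTTP ok" if ctx is None else "mTLS")
        except ValueError as exc:
            print(host, kind, "refused:", exc)
```

A server would pass its listening socket through `ctx.wrap_socket(sock, server_side=True)` when a context is returned; the verified client certificate is then available from `getpeercert()` on each connection for ACL decisions.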