Hi!
On Thu, May 23, 2013 at 02:26:46PM -0400, Daniel Kahn Gillmor wrote:
> On 05/23/2013 12:06 PM, Abhilash Raj wrote:
<snip>
> > My doubt is: how do we actually decide what is the best policy for us to follow? One person may agree with my point, another may not, a third may have a different point, and so on and so forth. So how do we decide upon one point? Voting?
>
> This is a good question :)
>
> I think you should propose a reasonable approach for handling all these various corner cases, and where your approach has some arbitrary cutoffs (e.g. messages with signatures older than K days will not be accepted for delivery), you make the arbitrary cutoff tuneable by the list administrator and choose a sensible default.
>
> Then you solicit and accept patches from people who have a strong argument that your implementation isn't aligned with a reasonable policy they would like to pursue :)
I've just typeset http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-p... and http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-p... . These document some ideas about threats for a PGP-enhanced mailman implementation. (More documentation is available in http://non-gnu.uvt.nl/pub/mailman/mailman-2.1.15-with-pgp-smime_2012-08-28-p... .)
HTH.
<snip>
> > I am really thankful for your questions and suggestions. I tried to
> > answer them with some thought. Please correct me if I am wrong.
>
> Thanks, I really appreciate your engagement with these questions. There
> are a lot of finicky details to keep track of, and you're coming up to
> speed fast on questions that most people haven't thought about at all.
> Keep it up!
+1
Bye,
Joost
-- irc:joostvb@{OFTC,freenode} ∙ http://mdcc.cx/ ∙ http://ad1810.com/