Hi all,
I am sorry for this delayed post. This is a brief report on my progress on my GSoC project (OpenPGP integration with GNU Mailman).
I have added a new rule called 'signature' (src/mailman/rules/signature.py) which verifies whether the signature in the email is valid. There is a strict implementation of RFC 3156 for the messages that we accept: only 'multipart/signed' with exactly two parts, one of which is 'application/pgp-signature', is accepted; the rest are held/discarded/bounced as per the list policy (whose implementation is still remaining).
The signature rule uses the 'gpg' utility (src/mailman/utilities/gpg.py) for verification of the signature. The storage and usage of keys is not implemented yet; for now only one key is used, i.e. in the tests the key is added as test data. The testing of this module was interesting work for me: the test data gets copied from the 'var/gpg' directory to the temp var directory created on the fly during configLayer setup in tests.
The work on the 'sign' handler (src/mailman/handlers/sign.py) is in progress right now; it signs the text in the message body with the list's secret key. One of the issues for this implementation is the structure of the message that goes out. We decided to leave the sender's signature and add the list's signature so that if someone wants to verify the sender's signature he can do it easily. But there are issues with the structure of a message which would support more than one signature simultaneously. There are options like the one in this [1] document and another suggestion from Steve and Daniel.
Also, there have been some issues with pushing my version of the code, versioned in git, to Launchpad, so the most recent code is available at my GitHub repo here [2]. Efforts are on to push the code to lp and send a pull request soon.
-- Abhilash Raj
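
The structure check described in the post (only 'multipart/signed' with exactly two parts, one of them 'application/pgp-signature'), sketched as an added example; this is not the code in src/mailman/rules/signature.py, and the names `split_pgp_mime` and `sample` are hypothetical. It goes slightly beyond the post by also requiring the RFC 3156 `protocol` parameter and the signature in second position, and it stops before the gpg verification step.

```python
from email import message_from_string
from email.message import Message

SIG_TYPE = "application/pgp-signature"


def split_pgp_mime(msg: Message):
    """Return (signed_part, signature_part) for a strict RFC 3156 mail, else None."""
    if msg.get_content_type() != "multipart/signed":
        return None
    # Assumption beyond the post: RFC 3156 also requires this protocol parameter.
    protocol = msg.get_param("protocol")
    if not isinstance(protocol, str) or protocol.lower() != SIG_TYPE:
        return None
    parts = msg.get_payload()
    # A multipart whose boundary never appears parses to a str payload, not a list.
    if not isinstance(parts, list) or len(parts) != 2:
        return None
    signed, signature = parts
    # RFC 3156 puts the detached signature second; the first part is the signed data.
    if signature.get_content_type() != SIG_TYPE:
        return None
    if signed.get_content_type() == SIG_TYPE:
        return None
    return signed, signature


def sample(parts, ctype="multipart/signed", protocol=SIG_TYPE):
    """Build a constructed test message (placeholder signature, not real PGP data)."""
    head = (f'Content-Type: {ctype}; micalg=pgp-sha256; '
            f'protocol="{protocol}"; boundary="b"\n\n')
    body = "".join(f"--b\nContent-Type: {t}\n\n{text}\n" for t, text in parts)
    return message_from_string(head + body + "--b--\n")


if __name__ == "__main__":
    cases = {
        "signed": sample([("text/plain", "hello"), (SIG_TYPE, "SIG")]),
        "three parts": sample([("text/plain", "a"), ("text/plain", "b"), (SIG_TYPE, "SIG")]),
        "no signature part": sample([("text/plain", "a"), ("text/plain", "b")]),
        "wrong protocol": sample([("text/plain", "a"), (SIG_TYPE, "SIG")],
                                 protocol="application/pkcs7-signature"),
        "plain": message_from_string("Content-Type: text/plain\n\nhi\n"),
    }
    for name, msg in cases.items():
        print(f"{name}: {'accept' if split_pgp_mime(msg) else 'reject'}")
```

The first part returned is what a verifier would pass to gpg as the signed data, together with the second part as the detached signature.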