-------- Original Message --------
Subject: Re: [Mailman-Developers] GSoC Updates
Date: Fri, 16 Aug 2013 11:48:56 +0530
From: Abhilash Raj <raj.abhilash1@gmail.com>
To: Stephen J. Turnbull <stephen@xemacs.org>
On Friday 16 August 2013 10:35 AM, Stephen J. Turnbull wrote:
Abhilash Raj writes:
- How do list owners create keys? What parameters? Which address?
python-gnupg provides a key-generation API, GPG.gen_key(). Alternatively, this could be done manually by the trusted site-manager. The web UI would have to run over SSL, presumably HTTPS.
But can we achieve required randomization to create keys on virtualized systems? This was the reason it was suggested before that keys are uploaded by the site owners when they create new lists.
I think the address should be $LIST-owner@fqdn. For other parameters, defaults are OK I think (size=2048, type=RSA IIRC).
About the address, I think the owner can create a key using the posting address with a min key length of 1024? Or else Mailman rejects the key? MD5 hash should be discouraged and at least SHA1 should be used? (although I found this[1] that even SHA1 should not be used)
Nobody short of a major government can afford to break private keys or crypto hashes on a regular basis. Otherwise, before they try to break SHA1, they'll kidnap and torture you (I'm serious about the calculation they'll make, not that I think it will happen to anybody we know for several thousand years).
Okay then we can just suggest not to use md5.
- How to manage passphrases (or passwords) for keys?
In previous discussions we decided to use gnupg-agent, although I haven't tried it. Any other suggestions for it?
I really don't know. As you probably know, files containing host keys for SSH and other SSL applications don't have passwords, but are simply made readable only by root. That might be the appropriate solution here. Otherwise, any reboot takes all lists down until the owner can be tracked down.
Also, one more thing: while running tests I noticed many other tests are breaking, as initially a simple message could pass through "default-posting-chain" but now we need a multipart/signed message. So should I worry about changing all other tests?
Yes. Conventionally that is the responsibility of the person who adds a feature. However, there's nothing that says you can't ask Barry for help. He may know a way to do it quickly.
Barry anything here?
On Aug 16, 2013, at 03:13 PM, Abhilash Raj wrote:
Also, one more thing: while running tests I noticed many other tests are breaking, as initially a simple message could pass through "default-posting-chain" but now we need a multipart/signed message. So should I worry about changing all other tests?
Yes. Conventionally that is the responsibility of the person who adds a feature. However, there's nothing that says you can't ask Barry for help. He may know a way to do it quickly.
Barry anything here?
Ideally, your changes would only affect tests locally and not have a global effect on the tests. How many tests are newly broken?
-Barry
On Friday 23 August 2013 12:14 AM, Barry Warsaw wrote:
On Aug 16, 2013, at 03:13 PM, Abhilash Raj wrote:
Also, one more thing: while running tests I noticed many other tests are breaking, as initially a simple message could pass through "default-posting-chain" but now we need a multipart/signed message. So should I worry about changing all other tests?
Yes. Conventionally that is the responsibility of the person who adds a feature. However, there's nothing that says you can't ask Barry for help. He may know a way to do it quickly.
Barry anything here?
Ideally, your changes would only affect tests locally and not have a global effect on the tests. How many tests are newly broken?
I actually don't remember the count, but some 10 or so doctests were failing.
-Barry
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40gm...
Security Policy: http://wiki.list.org/x/QIA9
Abhilash Raj
On Friday 23 August 2013 01:57 AM, Barry Warsaw wrote:
On Aug 23, 2013, at 01:51 AM, Abhilash Raj wrote:
I actually don't remember the count, but some 10 or so doctests were failing.
If possible, you can just ignore these for now. Let's take a more detailed look when I land the nose2-based tests in trunk.
Yup sure.
-Barry
Abhilash Raj