[Mailman-Developers] Crypto-sign to post

Bob Puff bob at nleaudio.com
Sun Nov 5 22:37:35 CET 2006 

I think Barry's idea that non-subscribers could ack their own messages is
excellent.  I'm not sure that simply having a signed message enter the system
is a good thing to default to being on though... In fact, I can think of a few
lists wherein that behaviour would be disasterous, and if it were defaulted to
ON and was a new feature that the admins weren't aware of, some stuff would
definitely hit the fan.

Bob


---------- Original Message -----------
From: Steve Huston <huston at astro.princeton.edu>
To: mailman-developers at python.org
Sent: Sun, 05 Nov 2006 13:04:44 -0500
Subject: Re: [Mailman-Developers] Crypto-sign to post

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 11/4/06 1:32 PM, Barry Warsaw wrote:
> > Given that this could be a posting option that list admins could  
> > choose or not, I'm all for it.
> 
> I'd like to add my $.02 as well.  I think this would be a great 
> feature, and since admins could choose to use it or not I think it 
> might be helpful to have it on by default.  But since many list 
> readers (and possibly owners) might not understand exactly how it 
> works, here's my thought.
> 
> Have it turned on by default, but when Mailman sends out the message 
> it adds a header to the mail; as Nathan later suggested, having it 
> automatically set the "Reply-To" to include the sender so they get 
> copies of replies would be good - better would be for Mailman to do 
> it automagically, but that would require a bit more work to keep 
> track of who submitted what mail, etc (things which MM isn't 
> currently stateful enough to track, though I don't know what other 
> 2.2 plans are in the works).  The other would be a "header" in the 
> body of the message, perhaps something like:
> 
>  [This sender is not subscribed to the list, but their email is being
> sent through because it is cryptographically signed - replies to the
> email should be CC'd to the original sender]
> 
> Having it on by default might be seen as a "back door" to some, but off
> by default means people would have to see the benefits of turning it 
> on before they'd do so.  Since signed mails are likely to only be 
> done by people who know what they're doing, and I'll guess are also 
> less likely to be the type to post nonsense to mailing lists only to 
> add to clutter, I'd think it would be safe to leave on.  And by 
> having the header there, it would probably alleviate those 
> readers/admins that would wonder, "How the hell did they post on 
> here when they're not subscribed..."
> 
> - --
> Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences
>   Princeton University  |    ICBM Address: 40.346525   -74.651285
>     126 Peyton Hall     |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of 
> Cygnus,
>     (609) 258-7375      | headlong into mystery."  -Rush, 'Cygnus X-1'
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFFTie8CCKCCLIg8RMRAoUgAJ9Lhu7V3rH8j5ayIhoMoPEd24H8AwCeJnyN
> 0aRAWpvuhzu1wP8jezEBLXk=
> =lc5i
> -----END PGP SIGNATURE-----
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/bob%40nleaudio.com
> 
> Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
------- End of Original Message -------

More information about the Mailman-Developers mailing list