[Mailman-Developers] GSOC Midterm Report

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 6 19:30:10 CEST 2013


On 08/02/2013 01:18 PM, Barry Warsaw wrote:
> On Aug 02, 2013, at 05:49 PM, Abhilash Raj wrote:
> 
>> Now as the signing part is almost done except for to-be-able-to-select
>> the key for signing (now python-gnupg signs using the first found key in
>> the secret keyring) we need the proper infrastructure for the key
>> management. Where will the public keys of the users be stored? Where
>> will the secret keys of the lists be stored? How will they be accessed
>> by mailman?
> 
> One thought is to have a public keyring to store all the pubkeys of the users,
> and store just the key ids/fingerprints in the database.  That will probably
> have to be a table of ids/fingerprints cross-referenced to the user table
> (since a user would probably control multiple keys).
> 
> The other option is to use a table that associates email address in the pubkey
> to the fingerprint/id and cross reference them to the addresses table for
> addresses that Mailman knows about.

Alternately, you could avoid storing any sort of key material or
fingerprints in the database at all, and let GnuPG manage the e-mail
address → key mappings, based on a set of trusted certifiers.

This is exactly what gnupg's key selection and trustdb code is designed
to do already.  If gnupg's key selection and trustdb code doesn't work
for this purpose, it would be nice to let the gnupg folks know why it's
inadequate.

Regards,

	--dkg
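
An added illustration of the approach suggested in the message above (not part of the original e-mail and not Mailman code): no fingerprints are stored, and the address → key mapping is read from GnuPG's own listing, accepting only user IDs whose validity the trustdb computed as full or ultimate. The listing below is a constructed sample in `--with-colons` format, and `valid_keys_for` is a hypothetical helper name.

```python
from email.utils import parseaddr

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output.
SAMPLE_LISTING = """\
tru::1:1375800000:0:3:1:5
pub:f:2048:1:AAAAAAAAAAAAAAAA:1370000000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:f::::1370000000::HASH1::Alice Example <alice@example.org>:
sub:f:2048:1:BBBBBBBBBBBBBBBB:1370000000::::::e:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1371000000:::-:::scESC:
fpr:::::::::2222222222222222222222222222222222222222:
uid:-::::1371000000::HASH2::Alice Example <alice@example.org>:
pub:f:2048:1:DDDDDDDDDDDDDDDD:1360000000:::-:::scESC:
fpr:::::::::3333333333333333333333333333333333333333:
uid:r::::1360000000::HASH3::Bob Example <bob@example.org>:
uid:f::::1365000000::HASH4::Bob Example <bob@example.net>:
"""

USABLE = {"f", "u"}          # validity "full" or "ultimate" (field 2)
DEAD = {"i", "d", "r", "e"}  # invalid, disabled, revoked, expired


def valid_keys_for(address, listing):
    """Return primary-key fingerprints that have a valid user ID for address."""
    wanted = address.lower()
    found, fpr, key_ok = [], None, False
    for line in listing.splitlines():
        rec = line.split(":")
        kind = rec[0]
        if kind == "pub":
            # A new primary key starts here: reset the per-key state.
            fpr = None
            disabled = len(rec) > 11 and "D" in rec[11]
            key_ok = rec[1] not in DEAD and not disabled
        elif kind == "fpr" and fpr is None:
            fpr = rec[9]  # the first fpr record after pub is the primary key's
        elif kind == "uid" and key_ok and fpr and rec[1] in USABLE:
            # Real listings C-escape some characters in field 10 (e.g. \x3a).
            _, addr = parseaddr(rec[9])
            if addr.lower() == wanted and fpr not in found:
                found.append(fpr)
    return found
```

The second key for alice@example.org is present in the keyring but is not returned, because no trusted certifier makes its user ID valid; presence in the keyring alone is not treated as a binding.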
