[Mailman-Developers] GSOC Progress report

Abhilash Raj raj.abhilash1 at gmail.com
Wed Jul 24 23:45:21 CEST 2013


Hi all,

I am sorry for this delayed post, this is a brief report on my progress
on gsoc project(OpenPGP integration with GNU Mailman).

I have added a new rule called as
'signature'(src/mailman/rules/signature.py) which verifies if the
signature in the email is valid. There is a strict implementation of RFC
3156 for the messages that we accept, only 'multipart/signed' with
exactly two parts one of which is 'application/pgp-signature' is
accepted, rest are held/discarded/bounced as per the list policy(whose
implementation is still remaining).

The signature rule uses 'gpg' utility(src/mailman/utilities/gpg.py) for
verification of the signature. The storage and usage of keys is not
implemented yet, for now only one key is used i.e. in the tests, the key
is added as test data. The testing of this module was interesting work
for me, the test-data gets copied from the 'var/gpg' directory to the
temp var directory created on-the-fly during configLayer setup in tests.

The work on 'sign' handler(src/mailman/handlers/sign.py) is under
progress right now, it signs the text in the message body with the
list's secret key. One the issues for this implementation is the
structure of message that goes out. We decided to leave the sender's
signature and add list's signature so that if someone wants to verify
sender's signature he can do it easily. But there are issues with the
structure of the message which would support more than one signatures
simultaneously. There are options like one in this[1] document and other
suggestion from Steve and Daniel.

Also there has been some issues with pushing my version of code
versioned in git to launchpad so the most recent code is available at my
github repo here[2]. Efforts are on to push the code to lp and send a
pull request soon.

[1]: http://tools.ietf.org/html/draft-ietf-openpgp-multsig-02
[2]: https://github.com/maxking/mailman

--
Abhilash Raj


More information about the Mailman-Developers mailing list