[Mailman-Developers] GSoc - Requirement from Mentor to complete the project

Stephen J. Turnbull stephen at xemacs.org
Tue May 7 04:57:55 CEST 2013


Abhilash Raj writes:

 > Let me divide the project in a few pieces so that each can be
 > discussed upon separately.

This is a good idea, but you should take them up one at a time, unless
you have a good approach and are expecting "sounds good, get started"
as the reply to that point.

 > * Firstly a utility to encrypt or decrypt the message. Well I found
 > [python-gnupg][1] for this purpose and would try to write a wrapper
 > around it for the use by mailman. But I found another option for it
 > [GnupgInterface][2]. GnupgInterface was used in the
 > [mailman-pgp-smime][3] patch for mailman and also has options to sign
 > and encrypt in one call of a function (unlike python-gnupg). If
 > anyone has ever used any of these two would you please suggest which
 > one is better?

This isn't first.  Don't be so eager to write code when you have not
stated the requirements with any precision.

*First* you need to describe the life of a message from a thought in
the sender's mind until it hits the receiver's eyes.  (It could
actually be somewhat shorter than that, but these endpoints ensure
you'll get everything we need somewhere in between.)  Which steps are
required for every message?  Which are optional, depending on the list
policy and/or user choices?  Which are implemented in Mailman?  Which
in MTAs/MDAs?  Which in MUAs?

You also need to decide what threats this process is supposed to
protect the users from.

The combination of these two will determine what Mailman needs to be
able to do with incoming and outgoing posts.  Then you need to see
what Mailman already does perfectly, what needs to be modified, and
what needs a new implementation.

This description of requirements doesn't need to be as authoritative
as Scripture, but we need something fairly detailed to start with.

Once that's done, we can talk about implementing crypto operations.
But I don't think it matters much which module you start with.  (Why
not?  The answer is a general concept of software engineering.)

 > * The point of encryption and decryption in the various queues. I was
 > of the opinion that the message is decrypted as soon as it enters the
 > IN queue and while it's about to leave the queue it is encrypted with a
 > symmetric key algorithm using the list's secret key. And then it is
 > subsequently decrypted in the next queue and finally in the OUTGOING
 > queue it is signed and encrypted with each user's pub-key.
 > Any suggestions about this?

I think the concerns about decrypted material hitting disk are valid.

Therefore I would recommend that you avoid decrypting until necessary.
(It may not even be necessary.  When?  What exactly do I mean by "not
decrypting"?  This requires a good understand of the OpenPGP format,
as well as Mailman queue processing.  Don't hurry, feel free to ask
questions -- as long as they don't amount to "I don't know, tell me"!)

