[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Mon Mar 27 15:57:09 EDT 2017
Jan Jancar writes:
> b) Added complexity, maintenance cost to Mailman's infrastructure.
> This can be mitigated by implementing encrypted mailing lists
> either as a plugin as was proposed here before,
In one sense, a plugin is the ONLY way this feature can be reasonably
implemented in Mailman 3, as all the relevant work will be done in
Rules and Handlers.
However, as Mailman core tends to provide information to companion
applications (Postorius, HyperKitty) without much concern for
authorization, there may be issues that require either invasive
changes or can only be addressed in current Mailman 3 architecture by
host security. The latter is the current answer to all questions of
security, in fact.
This will indeed be an ongoing security concern in maintenance, unless
the information that needs to be secured is by design carefully
partitioned away from "low security" operations used by Postorius,
HyperKitty, and the REST interface generally.
Steve
More information about the Mailman-Developers
mailing list