[Mailman-Users] Approved header, mailman password and security
dag at wieers.com
Thu Apr 14 15:38:30 CEST 2011
We have been using the Approved header as a way to automtically approve
commit logs to a read-only mailinglist. We recently moved our
infrastructure to github and I wrote a patch to the github Email service
hook to add an Approved header.
Now the problem of course is that this secret currently is either the list
admin or the list moderator password, which is far from secure. Especially
if the mails are not created on the mailman list server.
So I would propose to allow to set a separate secret used for approved
messages. If compromised, it's easy to change that secret on both sides.
Is this acceptable ?
Thanks in advance
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the Mailman-Users