[Mailman-Users] Approved header, mailman password and security

Dag Wieers dag at wieers.com
Thu Apr 14 15:38:30 CEST 2011


We have been using the Approved header as a way to automtically approve 
commit logs to a read-only mailinglist. We recently moved our 
infrastructure to github and I wrote a patch to the github Email service 
hook to add an Approved header.


Now the problem of course is that this secret currently is either the list 
admin or the list moderator password, which is far from secure. Especially 
if the mails are not created on the mailman list server.

So I would propose to allow to set a separate secret used for approved 
messages. If compromised, it's easy to change that secret on both sides.

Is this acceptable ?

Thanks in advance
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]

More information about the Mailman-Users mailing list