[Mailman-Users] Approved header, mailman password and security
dag at wieers.com
Wed Apr 20 15:44:13 CEST 2011
On Thu, 14 Apr 2011, Dag Wieers wrote:
> We have been using the Approved header as a way to automatically approve
> commit logs to a read-only mailinglist. We recently moved our infrastructure
> to github and I wrote a patch to the github Email service hook to add an
> Approved header.
> Now the problem of course is that this secret currently is either the list
> admin or the list moderator password, which is far from secure. Especially if
> the mails are not created on the mailman list server.
> So I would propose to allow to set a separate secret used for approved
> messages. If compromised, it's easy to change that secret on both sides.
> Is this acceptable ?
I received no feedback on this. Shall I open a ticket for this, or is this
not considered valuable ?
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the Mailman-Users