[ mailman-Patches-1167696 ] handle PGP encrypted and signed posts

Mon Mar 21 17:28:01 CET 2005

Patches item #1167696, was opened at 2005-03-21 16:28
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1167696&group_id=103

Category: None
Group: Mailman 2.1
Status: Open
Resolution: None
Priority: 5
Submitted By: Joost van Baal (vanbaal)
Assigned to: Nobody/Anonymous (nobody)
Summary: handle PGP encrypted and signed posts

Initial Comment:

This patch is based upon a patch by Stefan Schlott (
http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.html )

It extends Mailman to:

- A post will be distributed only if the PGP signature on the post is from
  one of the list members.
- For sending encrypted email, a list member encrypts to the public key of
  the list.  The post will be decrypted and re-encrypted to the public keys
  of all list members.
(Later, the patch will handle RFC 2633 (S/MIME) messages too, next to RFC 2440
(OpenPGP)).

In order to achieve this, each list has a public and private key, as well
as a key passphrase.  Furthermore, new list settings are defined:

 gpg_postings_allowed: Is it allowed to send to this list postings which are
  encrypted with the GPG list key?
 gpg_msg_distribution: Are subscribers allowed (or even forced) to upload
  their GPG public key in order to receive all messages encrypted?
 gpg_post_sign: Should posts be GPG signed with an acknowledged subscriber key
  before being distributed?
 gpg_msg_sign: Should the server sign encrypted messages?

Finally, each subscriber can upload her PGP public key using the webinterface.

Latest version of the patch is available from
http://www.non-gnu.uvt.nl/pub/mailman/ .

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1167696&group_id=103