[Mailman-Developers] Mailman and GPG.

Omri Schwarz ocschwar@MIT.EDU
Tue, 07 Nov 2000 00:54:41 -0500 

> On Mon, 06 Nov 2000 14:54:38 -0500 
> Omri Schwarz <ocschwar@MIT.EDU> wrote:

> 
> > I'm asking this on the Mailman forum because Mailman would be
> > easier to GPG-enable than Majordomo (just as eating ice cream is
> > more pleasant than root canal..), and because apart from that, I
> > am not picky on how this should be done, hence would be willing to
> > fork Mailman to warp it for this end.
> 
> I'd argue that the crypted list problem is actually orthogonal to
> the MLM software used.  The MLM never needs to be involved.  You can
> involve it if you really want to, but there's not much benefit to
> doing so.
 
Both your solution and mine do the same thing on the human
failings angle: they allow a mail server admin to set up a list
that does encryption for everyone, so that people learn that 
some things are best not discussed in plaintext. (Said
mail server admin, now enabled with this solution, can
also go fascist on people who don't comply with said policy.
Enough mail server admins deciding to go this route,
and you may see an effort on the part of users and 
MUA writers to improve things on that end.)

As to which solution is better on the software side,
you're probably right. I'll have to have a closer look 
at the Mailman code. But you're sort of committed to 
something, as am I, so there's hope.

Now, for Mr. Von Rospach:

>This general ability - to validate an incoming e-mail, not just for 
>MLM -- would be a killer app for the anti-spam folks.Anything without 
>a valid signature, you dump.

>But, ask me to add this support to something like Mailman, and I'll 
>say no. Why? Because until the clients support it cleanly and easily 
>and it's on its way towards general acceptance in the user base, it's 
>wasted effort. 

GPG version chauvinism is a must for such a project.
PGP-GPG and intra-PGP version incompatibilities are a 
pain.

In turn, that kills the MUAs. However,
I don't believe good GPG handling in the MUAs
is the necessary-and-sufficient part to bring this about.
(My likely-wrong opinion here.)

So, to summarize:

Python-GPG interface exists somewhere,
and not much happening in the Mail server
or MLM group software side. So the niche is here
and I'm ready to give it a try.

Thank you for your attention, y'all.



-- 

Omri Schwarz
 Some people have told me they don't think a fat penguin really embodies
 the grace of Linux, which just tells me they have never seen a angry
 penguin charging at them in excess of 100mph. They'd be a lot more
 careful about what they say if they had.  -- Linus Torvalds