[Mailman-Developers] Re: [Mailman-Announce] RELEASED Mailman 2.1 beta 5

Phil Stracchino alaric@babcom.com
Wed Nov 20 00:37:10 2002


Hey, I just had an idea for a Mailman (not necessarily 2.1) feature
enhancement.  Smack me if this isn't reasonable.

See, I just had to get myself off an opt-out spam list that Walgreens
put me on, which process involved their system mailing me a randomly
computer-generated username and password in cleartext.  And it occurred
to me that it's bugged me for some time that Mailman sends its monthly
password reminders in cleartext.  Someone who can sniff your mail or
peek at your mail spool can unsubscribe you from mailing lists, or
change your subscription options, without your consent.

So, my idea: GPG support for Mailman, which the server operator has a
configuration option to disable, and allow registered listmembers to
upload a GPG public key.  This key could be used in either or both of 
two ways:

1.  Provide an "Encrypt password reminders using GPG" option on the user
options configuration page.  Mailman should not allow a user who has not
uploaded a key to set this option, and if a user does try to set it
without first uploading a key, it should display a message explaining
that a GPG public key is required in order to enable this option, and
explaining to the user how to upload a key.  This will prevent persons
able to spy on the user's email from obtaining the user's password by
that method.

2.  Provide an "Accept signed posts only" option, again on the per-user
options page.  If this option is set by a user, Mailman will accept
posts from that user only if signed with the previously-uploaded GPG
key.  This will enable the user to prevent malicious individuals from
forging posts to the list in their name.  Once again, Mailman should not
allow the option to be set if no key has been uploaded.

Both of these options could optionally be made global across all lists
on that server to which that user is subscribed at that address.

I'd offer sample implementations for both of these, except I just maybe
if I'm lucky know just about enough Python to be dangerous (i.e., not
enough to write code in Python, but enough to break existing code and
not understand why what I did broke it).


What do you think?  Thoughts, questions, LARTage?


-- 
 .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
 : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
 :  alaric@babcom.com  :  alaric-ruthven@earthlink.net  :  phil@latt.net  :
 :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
 :    Linux Now!   ...Because friends don't let friends use Microsoft.    :
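
The two per-user options proposed in the message above, sketched as an added example that is not part of the original post and is not Mailman code. The `Member` class, the option names, and the `encrypt` and `verify` callables standing in for a GPG backend are hypothetical; refusing to send a cleartext reminder when encryption fails, clearing the options on key removal, and matching the signer's fingerprint to the uploaded key are design assumptions of this sketch.

```python
"""Added illustration: Member, option names and the GPG callables are hypothetical."""
from dataclasses import dataclass
from typing import Callable, Optional

GPG_OPTIONS = ("encrypt_reminders", "signed_posts_only")


class KeyRequired(Exception):
    """Raised when a GPG-dependent option is enabled before a key is uploaded."""


@dataclass
class Member:
    address: str
    key_fingerprint: Optional[str] = None  # set once a public key is uploaded
    encrypt_reminders: bool = False
    signed_posts_only: bool = False

    def set_option(self, name: str, value: bool) -> None:
        if name not in GPG_OPTIONS:
            raise ValueError(f"unknown option: {name}")
        if value and self.key_fingerprint is None:
            # The options page would show this text with upload instructions.
            raise KeyRequired(f"Upload a GPG public key before enabling {name}")
        setattr(self, name, value)

    def remove_key(self) -> None:
        # Assumption: dropping the key also clears the options that need it.
        self.key_fingerprint = None
        self.encrypt_reminders = self.signed_posts_only = False


def build_reminder(member: Member, password: str,
                   encrypt: Callable[[str, str], Optional[str]]) -> str:
    """encrypt(fingerprint, text) returns armored text, or None on failure."""
    text = f"Your password for {member.address} is {password}"
    if not member.encrypt_reminders:
        return text
    armored = encrypt(member.key_fingerprint, text)
    if not armored:
        # Fail closed: an opted-in member never gets a cleartext fallback.
        raise RuntimeError("encryption failed; reminder not sent")
    return armored


def accept_post(member: Member, raw_message: bytes,
                verify: Callable[[bytes], Optional[str]]) -> bool:
    """verify(raw_message) returns the fingerprint of a valid signer, or None."""
    if not member.signed_posts_only:
        return True
    # A valid signature made with some other key is not sufficient.
    signer = verify(raw_message)
    return signer is not None and signer == member.key_fingerprint
```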


