[Mailman-Developers] 2.1.8 documentation mismatch

David Lee t.d.lee at durham.ac.uk
Fri Jun 9 10:59:37 CEST 2006


On Thu, 8 Jun 2006, Brad Knowles wrote:

> At 4:54 PM +0100 2006-06-08, David Lee wrote:
>
> >  To the average non-techie managerial type, what terminology (Authorised?
> >  Authenticated? etc.) is preferable?
>
> 	I think that the authentication thing is a red herring.  Stick to
> the original idea and make relatively minimal modifications to the
> code, and let Barry, Tokio, Mark, and others deal with the deeper
> technical and architectural issues that Ian is raising.
>
> >  That would, indeed, probably be the ideal.  But that would itself mean
> >  that all paths by which the Mailman machine might be reached would have to
> >  be known to have an enforced mechanism for authenticated SMTP.  (And what
> >  about (say) "cron" jobs generating email which might legitimately go
> >  through lists?)
>
> 	Which is part of why you shouldn't worry about trying to solve
> this problem.  With your original concept, you're not really opening
> any new security holes, and you shouldn't have to worry about trying
> to close those that already exist.
>
> 	Just make sure that you put the appropriate cleanup code into
> place to remove the headers in question, as is done today for the
> "Approved:" header.

Thanks, Brad, for this and your previous emails.  You have nicely grasped
both sides:

(1) that this piece of string could be very long, and is an issue
primarily for the Mailman development gurus in a global and relatively
long timescale, context;

(2) that my own particular per-sender password proposal is intended to be
a small, self-contained thing, modelled on the existing "Approved:", and
with a very similar set of security issues (positive and negative), in a
local, short timescale, context.

It's giving me the confidence to go ahead on this item, but I hope to keep
in mind compatibility with (anticipation of) possible future developments.

Thanks again.


-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :
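
The header cleanup discussed in this message, as an added example that is not part of the original thread and is not Mailman's own code: it checks a per-sender password header and then removes every credential-bearing header before the post can be redistributed. The header name `X-Sender-Password`, the function names, the PBKDF2 verifier storage and the sample message are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.utils import parseaddr

# Hypothetical header name for the per-sender password; the thread names none.
SENDER_PW_HEADER = "X-Sender-Password"
# Credential-bearing headers that must never reach subscribers or archives.
SECRET_HEADERS = ("Approved", SENDER_PW_HEADER)


def pw_hash(password: str, salt: bytes) -> bytes:
    """Derive a storable verifier so the list config holds no plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_and_scrub(raw: bytes, verifiers: dict) -> tuple:
    """Return (authorized, scrubbed_bytes) for one incoming post.

    verifiers maps lower-cased sender address -> (salt, pw_hash).
    """
    msg = message_from_bytes(raw, policy=policy.compat32)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    offered = msg.get_all(SENDER_PW_HEADER, [])

    authorized = False
    entry = verifiers.get(sender)
    # Require exactly one password header: duplicates are ambiguous, so reject.
    if entry is not None and len(offered) == 1:
        salt, expected = entry
        candidate = pw_hash(str(offered[0]).strip(), salt)
        authorized = hmac.compare_digest(candidate, expected)

    # Scrub on every path (accepted, held or rejected): header names match
    # case-insensitively and `del` removes all occurrences.
    for name in SECRET_HEADERS:
        del msg[name]
    return authorized, msg.as_bytes()


# Constructed sample post, not taken from the thread.
SAMPLE = (b"From: Alice <alice@example.org>\n"
          b"To: announce@example.org\n"
          b"x-sender-password: s3cret\n"
          b"Subject: test\n\nhello\n")
SALT = b"constructed-salt"
VERIFIERS = {"alice@example.org": (SALT, pw_hash("s3cret", SALT))}
```

Scrubbing happens regardless of the authorization result, so a post that is held for moderation or rejected does not carry the password onward either.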

