[Mailman-Developers] 2.1.8 documentation mismatch
David Lee
t.d.lee at durham.ac.uk
Fri Jun 9 10:59:37 CEST 2006
On Thu, 8 Jun 2006, Brad Knowles wrote:
> At 4:54 PM +0100 2006-06-08, David Lee wrote:
>
> > To the average non-techie managerial type, what terminology (Authorised?
> > Authenticated? etc.) is preferable?
>
> I think that the authentication thing is a red herring. Stick to
> the original idea and make relatively minimal modifications to the
> code, and let Barry, Tokio, Mark, and others deal with the deeper
> technical and architectural issues that Ian is raising.
>
> > That would, indeed, probably be the ideal. But that would itself mean
> > that all paths by which the Mailman machine might be reached would have to
> > be known to have an enforced mechanism for authenticated SMTP. (And what
> > about (say) "cron" jobs generating email which might legitimately go
> > through lists?)
>
> Which is part of why you shouldn't worry about trying to solve
> this problem. With your original concept, you're not really opening
> any new security holes, and you shouldn't have to worry about trying
> to close those that already exist.
>
> Just make sure that you put in the appropriate cleanup code into
> place to remove the headers in question, as is done today for the
> "Approved:" header.
Thanks, Brad, for this and your previous emails. Your have nicely grasped
both sides:
(1) that this piece of string could be very long, and is an issue
primarily for the Mailman development gurus in a global and relatively
long timescale, context;
(2) that my own particular per-sender password proposal is intended to be
a small, self-contained thing, modelled on the existing "Approved:", and
with a very similar set of security issues (positive and negative), in a
local, short timescale, context.
It's giving me the confidence to go ahead on this item, but I hope to keep
in mind compatibility with (anticipation of) possible future developments.
Thanks again.
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
More information about the Mailman-Developers
mailing list