From msk at cloudmark.com Tue Mar 1 02:15:45 2011 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Mon, 28 Feb 2011 17:15:45 -0800 Subject: [Mailman-Developers] mailman and DKIM In-Reply-To: References: Message-ID: > -----Original Message----- > From: iane at sussex.ac.uk [mailto:iane at sussex.ac.uk] > Sent: Friday, February 25, 2011 6:09 AM > To: Murray S. Kucherawy; mailman-developers at python.org > Subject: Re: [Mailman-Developers] mailman and DKIM > > I think this is only valuable for users of ADSP. Other people would expect > their signatures to break, and be supplemented with a good signature > generated by the list server. I don't think that's the only class of users that would be interested in this problem. > Perhaps you could modify the syntax of the h= tag, to allow, say > [12]+subject+[5] to mean that 12 unknown characters may prefix the signed > header, and 5 may follow, provided they are bracketed. I'd suggest only > permitting bracketed additions, so perhaps this could be expressed as > 12+subject+5 instead. I suppose all of this might break existing > implementations, so perhaps a separate tag would be required. Perhaps, but the verifier needs to be told exactly how to identify the signed part in order to feed it to the hash algorithm. So instead, something like a rule that says "remove up to x bytes from the Subject: field, including any enclosing square brackets", with a constraint on allowed characters inside the square brackets, might be a better approach. > Maybe the l= syntax could be extended. Eg, l=12544+512 would mean "I'm > signing 12544 octets, and permitting the addition of a further 512 I would simply add an "la" tag defining the amount that can be appended rather than changing the syntax of "l=", so as to be back-compatible with current implementations. > Well, if the sender knows that the list is going to add a List-ID header, > then it could add that before signing. I doubt this would scale well, > though. Why's that? -MSK From iane at sussex.ac.uk Thu Mar 3 17:58:18 2011 From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu, 03 Mar 2011 16:58:18 +0000 Subject: [Mailman-Developers] mailman and DKIM In-Reply-To: References:

Message-ID: --On 28 February 2011 17:15:45 -0800 "Murray S. Kucherawy" wrote: >> -----Original Message----- >> From: iane at sussex.ac.uk [mailto:iane at sussex.ac.uk] >> Sent: Friday, February 25, 2011 6:09 AM >> To: Murray S. Kucherawy; mailman-developers at python.org >> Subject: Re: [Mailman-Developers] mailman and DKIM >> >> I think this is only valuable for users of ADSP. Other people would >> expect their signatures to break, and be supplemented with a good >> signature generated by the list server. > > I don't think that's the only class of users that would be interested in > this problem. >> Perhaps you could modify the syntax of the h= tag, to allow, say >> [12]+subject+[5] to mean that 12 unknown characters may prefix the signed >> header, and 5 may follow, provided they are bracketed. I'd suggest only >> permitting bracketed additions, so perhaps this could be expressed as >> 12+subject+5 instead. I suppose all of this might break existing >> implementations, so perhaps a separate tag would be required. > > Perhaps, but the verifier needs to be told exactly how to identify the > signed part in order to feed it to the hash algorithm. So instead, > something like a rule that says "remove up to x bytes from the Subject: > field, including any enclosing square brackets", with a constraint on > allowed characters inside the square brackets, might be a better approach. I think that's the same thing, isn't it? >> Maybe the l= syntax could be extended. Eg, l=12544+512 would mean "I'm >> signing 12544 octets, and permitting the addition of a further 512 > > I would simply add an "la" tag defining the amount that can be appended > rather than changing the syntax of "l=", so as to be back-compatible with > current implementations. Good point. >> Well, if the sender knows that the list is going to add a List-ID header, >> then it could add that before signing. I doubt this would scale well, >> though. > > Why's that? It's the "if the sender knows" bit that doesn't scale. On sites with more than a few users, managing a list of remote email addresses that are lists wouldn't be easy. > -MSK > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers at python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: > http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.a > c.uk > > Security Policy: http://wiki.list.org/x/QIA9 -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From msk at cloudmark.com Thu Mar 3 18:59:10 2011 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Thu, 3 Mar 2011 09:59:10 -0800 Subject: [Mailman-Developers] mailman and DKIM In-Reply-To: References:

Message-ID: > -----Original Message----- > From: iane at sussex.ac.uk [mailto:iane at sussex.ac.uk] > Sent: Thursday, March 03, 2011 8:58 AM > To: Murray S. Kucherawy; mailman-developers at python.org > Subject: Re: [Mailman-Developers] mailman and DKIM > > >> Perhaps you could modify the syntax of the h= tag, to allow, say > >> [12]+subject+[5] to mean that 12 unknown characters may prefix the signed > >> header, and 5 may follow, provided they are bracketed. I'd suggest only > >> permitting bracketed additions, so perhaps this could be expressed as > >> 12+subject+5 instead. I suppose all of this might break existing > >> implementations, so perhaps a separate tag would be required. > > > > Perhaps, but the verifier needs to be told exactly how to identify the > > signed part in order to feed it to the hash algorithm. So instead, > > something like a rule that says "remove up to x bytes from the Subject: > > field, including any enclosing square brackets", with a constraint on > > allowed characters inside the square brackets, might be a better approach. > > I think that's the same thing, isn't it? It wouldn't break existing implementations because it would name a new "c=" value. Existing (compliant) implementations would simply ignore such signatures. I think your idea was to delete up to 12 in front of whatever "subject" is and 5 after, where mine was just to go left-to-right deleting up to the specified number in only the first such block of characters. Slightly different. But either mechanism would mess with an otherwise legitimate Subject: that used square brackets for some reason, so that's a concern. The other suggestions made here discuss the body as more of a concern, since Mailman flattens a multipart/alternative into a simpler form. It could be that the proposed MIMEAUTH would work here; sign both parts of the original, and then even if Mailman tosses all but the text/plain part and even adds its own, the signature on the original text/plain part would still pass. That, coupled with a new header canonicalization mode that tolerates rudimentary Subject tagging, might be useful. (MIMEAUTH: http://tools.ietf.org/html/draft-crocker-doseta-mimeauth-00) -MSK From matthew.brunelle at gmail.com Thu Mar 17 02:54:18 2011 From: matthew.brunelle at gmail.com (Matthew Brunelle) Date: Wed, 16 Mar 2011 21:54:18 -0400 Subject: [Mailman-Developers] Interested Google Summer of Code Student Message-ID: Hello, I'm a high school senior from Rhode Island. I'm interested in working on Mail Man for the Google Summer of Code. I was wondering where I would best be able to help out. I had looked on the ideas list and I think I would be able to do the most with completing the Django web u/i. I have some experience with Django (as a personal project I'm working on a web application that analyzes cross country results). So this seems like the best area for me, but if anyone else knows of any opportunities I'd love to hear about them. I also don't have any experience with mailing lists. I did some research on proper etiquette but if I brake any social rules I truly apologize. -- Thanks and Regards, Matthew Brunelle +1.401.829.1317 Twitter: @SeeMattPlay @SeeMattWork Linkedin: www.linkedin.com/in/MatthewBrunelle From barry at list.org Mon Mar 21 20:08:42 2011 From: barry at list.org (Barry Warsaw) Date: Mon, 21 Mar 2011 15:08:42 -0400 Subject: [Mailman-Developers] Interested Google Summer of Code Student In-Reply-To: References: Message-ID: <20110321150842.4854cc99@limelight.wooz.org> On Mar 16, 2011, at 09:54 PM, Matthew Brunelle wrote: >Hello, I'm a high school senior from Rhode Island. I'm interested in >working on Mail Man for the Google Summer of Code. I was wondering >where I would best be able to help out. I had looked on the ideas >list and I >think I would be able to do the most with completing the Django web >u/i. Hi Matthew. I'm sorry for the delay in responding; I always fall so far behind email during Pycon. >I have some experience with Django (as a personal project I'm working >on a web application that analyzes cross country results). So this >seems like the best area for me, but if anyone else knows of any >opportunities I'd love to hear about them. > >I also don't have any experience with mailing lists. I did some >research on proper etiquette but if I brake any social rules I truly >apologize. Not at all. mailman-developers is exactly the right place to discuss GSoC. We've had some discussions off-line about the program and how we'll mentor it, and it's time to start bring those discussions public. Working on the Django web ui is definitely a core task for GSoC this year. Last year Anna did some great work on it, and I think we're in a great position to finish this up, and do more real-world testing with the REST API in the engine. In the next few days I should be filling out a wiki page on wiki.list.org for our 2011 GSoC participation, which will be under PSF sponsorship. I'd be very happy for you to participate. I registered as a mentor just this morning, and I know Florian will mentor again this year too. You're welcome to email here or ping me on irc.freenode.net #mailman. I'll send a follow up when the wiki page is up and running. It'll be linked to from the Python GSoC page. Cheers, -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From barry at list.org Mon Mar 28 19:38:39 2011 From: barry at list.org (Barry Warsaw) Date: Mon, 28 Mar 2011 13:38:39 -0400 Subject: [Mailman-Developers] GNU Mailman in the 2011 Google Summer of Code Message-ID: <20110328133839.0ca11b8c@neurotica.wooz.org> Hi everyone, We're going to be participating in the Google Summer of Code again this year, but this time, under the Python Software Foundation's banner. Here's our wiki page for GSoC ideas, mentors, and students: http://wiki.list.org/display/DEV/Google+Summer+of+Code+2011 and the PSF page with more details for signing up, etc. Application deadline for students is Friday, April 8, so please hurry! I believe student registration opened up today. Feel free contact us in mailman-developers at python.org, or #mailman on freenode IRC. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From f at state-of-mind.de Wed Mar 30 18:05:43 2011 From: f at state-of-mind.de (Florian Fuchs) Date: Wed, 30 Mar 2011 18:05:43 +0200 Subject: [Mailman-Developers] Interested Google Summer of Code Student In-Reply-To: <20110321150842.4854cc99@limelight.wooz.org> References: <20110321150842.4854cc99@limelight.wooz.org> Message-ID: <4D9354D7.7080209@state-of-mind.de> Hi Matthew, >> Hello, I'm a high school senior from Rhode Island. I'm interested in >> working on Mail Man for the Google Summer of Code. I was wondering >> where I would best be able to help out. I had looked on the ideas >> list and I >> think I would be able to do the most with completing the Django web >> u/i. That sounds great! If you like you can check out some of last year's code on launchpad: https://launchpad.net/~mailmanweb-django There's also a python library which makes communicating with Mailman's API pretty easy: https://launchpad.net/mailman.client If you're still interested I'd be happy to give you a walk through the code. Just email me or ping me on irc! (#mailman on irc.freenode.net) Florian -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5346 bytes Desc: S/MIME Cryptographic Signature URL: From nahuel at ahtna.org Thu Mar 31 09:49:25 2011 From: nahuel at ahtna.org (Nahuel ANGELINETTI) Date: Thu, 31 Mar 2011 09:49:25 +0200 Subject: [Mailman-Developers] Interested Google Summer of Code Student In-Reply-To: <4D9354D7.7080209@state-of-mind.de> References: <20110321150842.4854cc99@limelight.wooz.org> <4D9354D7.7080209@state-of-mind.de> Message-ID: <4D943205.5050806@ahtna.org> Hi, Le 30/03/2011 18:05, Florian Fuchs a ?crit : > Hi Matthew, > >>> Hello, I'm a high school senior from Rhode Island. I'm interested in >>> working on Mail Man for the Google Summer of Code. I was wondering >>> where I would best be able to help out. I had looked on the ideas >>> list and I >>> think I would be able to do the most with completing the Django web >>> u/i. > That sounds great! If you like you can check out some of last year's > code on launchpad: > > https://launchpad.net/~mailmanweb-django > > There's also a python library which makes communicating with Mailman's > API pretty easy: > > https://launchpad.net/mailman.client > > If you're still interested I'd be happy to give you a walk through the > code. Just email me or ping me on irc! (#mailman on irc.freenode.net) When mailman3 will be released? I'm interesting in coding a dynamic archive software, I already made base one using django for mailman 2 with some hacks (you can look there: http://archives.rezo.net/ ). My purpose is to create a software that can manager users, and permit them to respond to emails, read private archives, set email aliases(if they use multiple e-mails in differents lists hosted), and some "social" features, like setting an avatar. Please contact me if someone is interested too, Bests, -- Nahuel ANGELINETTI From terri at zone12.com Thu Mar 31 10:30:42 2011 From: terri at zone12.com (Terri Oda) Date: Thu, 31 Mar 2011 04:30:42 -0400 Subject: [Mailman-Developers] Interested Google Summer of Code Student In-Reply-To: <4D943205.5050806@ahtna.org> References: <20110321150842.4854cc99@limelight.wooz.org> <4D9354D7.7080209@state-of-mind.de> <4D943205.5050806@ahtna.org> Message-ID: <4D943BB2.8060907@zone12.com> Nahuel ANGELINETTI wrote: > When mailman3 will be released? The snarky answer is "real soon now" ;) We've been in alpha for a while. The proposed Google summer of code project include some things we need before release, including a push on the web interface. Barry can maybe give you a better estimate, but I don't think we're expecting a final release until after GSoC is over for this year. But maybe we'll have such amazing students that an earlier release will be possible! > I'm interesting in coding a dynamic > archive software, I already made base one using django for mailman 2 > with some hacks (you can look there: http://archives.rezo.net/ ). > My purpose is to create a software that can manager users, and permit > them to respond to emails, read private archives, set email aliases(if > they use multiple e-mails in differents lists hosted), and some "social" > features, like setting an avatar. This sounds really great! You may find that some of those features, like setting email aliases, might be better packaged up with the other interface work for user settings, but I'm sure if you start with the archives themselves you'll find plenty to do and hopefully you'll get to the more social pieces later on. Could you look over the use cases developed for the Systers archive project last year and tell us a bit about what other use cases you think would be important for the archives project, or how you'd prioritize the ones we already have? http://systers.org/systers-dev/doku.php/mailman_archives_ui_-_yian_shang There's not really a right or wrong answer for this question -- I just want to get more of an idea of how you're thinking about archives and how you expect them to be used! Terri From barry at list.org Thu Mar 31 14:51:55 2011 From: barry at list.org (Barry Warsaw) Date: Thu, 31 Mar 2011 08:51:55 -0400 Subject: [Mailman-Developers] Interested Google Summer of Code Student In-Reply-To: <4D943205.5050806@ahtna.org> References: <20110321150842.4854cc99@limelight.wooz.org> <4D9354D7.7080209@state-of-mind.de> <4D943205.5050806@ahtna.org> Message-ID: <20110331085155.6567c4e5@neurotica.wooz.org> On Mar 31, 2011, at 09:49 AM, Nahuel ANGELINETTI wrote: >When mailman3 will be released? I expect the core engine will go into beta fairly soon. Depending on how GSoC goes, I might wait until after the summer so that student's work can help influence the final release. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: