[Mailman-Developers] Thoughts on processing for pre-approved messages

[Stephen J. Turnbull]

On Mon, Mar 19, 2012 at 2:59 AM, Mark Sapiro <mark at msapiro.net> wrote:

> If that were all that was required, that would be fine. The problem is
> that we allow approval via a pseudo-header as the first non-blank body
> line in the first text/plain part of the message, and we have to look
> for it there and if found, not only remove it from that part, but also
> from any alternative parts in which it might appear.
>
> It's the removal of this pseudo-header from text/html alternatives
> that is the hard part. See the comment thread at
> <https://bugs.launchpad.net/mailman/+bug/266220>.

OK, will do.

We really need a better way of doing this.  Something like requiring that
all parts for which approval is requested be signed by an authorized
private key, and unsigned parts be stripped.  Of course that will leave
most people out in the cold ....

> Incorrect password is not an issue because we remove it anyway.

That's true, assuming you do find it.  The real problem is whether you're
trying to find it:

> The other things *should* not be a problem because in theory the poster
> wouldn't use the header if it weren't required, and in that case, the
> post will be held since it isn't pre-approved. Of course in practice,
> held posts get approved even if they might leak a password and users
> do all sorts of things that don't make sense :(

Precisely.  Most people use Mailman *because* they have no idea what
makes sense.  That's really the most important point about automation.
It empowers people to accomplish tasks that they can't do on their own.

This requires them to trust the automation, of course, and that's often
not a great idea.  But "published source" helps.