[Mailman-Developers] Architecture for extra profile info

Richard Wackerbarth rkw at DATAPLEX.NET
Thu Apr 18 18:54:07 CEST 2013


On Apr 18, 2013, at 11:42 AM, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:

> Richard Wackerbarth writes:
>
>> There is no reason why alternate channels [to a connection from
>> localhost authorized by the OS] cannot be substituted as long as a
>> means of identification (such as shared secrets) is utilized.
> 
> Sure, but didn't you notice the elephant in the room as you swept it
> under the rug?  The implementation of "alternate channels" matters *a
> lot*, and it's not trivial.

Just because something is important or non-trivial to implement properly does not imply that it is difficult for us to utilize it.
Rather than developing our own, we can, and should, leverage the efforts of "the professionals" and use the tools that they provide (such as HTTPS and OAuth, etc.).

Certainly, the proper administration of each, and every, host is an essential element to prevent access "on the coattails" of the trusted agents. But that also applies to the "localhost" implementation.


