[Mailman-Developers] GSoC Updates

[Stephen J. Turnbull]

Abhilash Raj writes:

 > But can we achieve required randomization to create keys on virtualized
 > systems?

Not your problem.  We can do it on physical hosts, and that's good
enough.  People who care this much about security will be prepared to
pay for it.  Generalizing to handle sites that need security but don't
care (yet) is Somebody Else's Problem (maybe even you, but in a post-
GSoC avatar).

"Requirements creep" is identified as one of the most important causes
of project failure.  Learn to say "No." where possible, "It will cost
you USD1,000,000 and 36 months." if you must.  (Of course in the
latter case you'll replace those numbers with accurate ones. :-)

 > Okay then we can just suggest not to use md5.

Yes.  For now, your job is to get the system working and working
securely.  The defaults for key-generation are fine.

 > >  > Also one more thing while running tests i noticed many other
 > >  > tests are breaking as initially a simple message could pass
 > >  > though "default-posting-chain" but now we need a
 > >  > multipart/signed message. So should I worry about changing all
 > >  > other tests?
 > > 
 > > Yes.  Conventionally that is the responsibility of the person who adds
 > > a feature.  However, there's nothing that says you can't ask Barry for
 > > help.  He may know a way to do it quickly.
 > 
 > Barry anything here?

I guess you didn't notice that you didn't reply to the list?  Mailman
project lists don't mung Reply-To, you need to reply to list (if your
MUA has the function) or reply to all.