[Mailman-Developers] GSoC Updates

Abhilash Raj raj.abhilash1 at gmail.com
Fri Aug 16 13:41:54 CEST 2013


On Friday 16 August 2013 10:35 AM, Stephen J. Turnbull wrote:
> Abhilash Raj writes:
> 
>  > 1) How does the list owner create keys? What parameters? Which address?
> 
> python-gnupg provides a key-generation API, GPG.gen_key().
> Alternatively, this could be done manually by the trusted
> site-manager.  The web UI would have to run over SSL, presumably
> HTTPS.
> 
> I think the address should be $LIST-owner at fqdn.  For other parameters,
> defaults are OK I think (size=2048, type=RSA IIRC).

Here should not the address be the list's posting address? Like for
mm-dev list should it not be "mailman-developers at python.org"?

>  > About the address I think owner can create a key using posting
>  > address with a min key length of 1024? or else mailman rejects the
>  > key? MD5 hash should be discouraged and at least SHA1 should be
>  > used?  (although I found this[1] that even sha1 should not be used)
> 
> Nobody short of a major government can afford to break private keys or
> crypto hashes on a regular basis.  Otherwise, before they try to break
> SHA1, they'll kidnap and torture you (I'm serious about the
> calculation they'll make, not that I think it will happen to anybody
> we know for several thousand years).
> 
>  > 3) How to manage passphrases (or passwords) for keys?
>  > 
>  > In previous discussions we decided to use gnupg-agent, although
>  > I haven't tried it. Any other suggestions?
> 
> I really don't know.  As you probably know, files containing host keys
> for SSH and other SSL applications don't have passwords, but are
> simply made readable only by root.  That might be the appropriate
> solution here.  Otherwise, any reboot takes all lists down until the
> owner can be tracked down.
> 
>  > Also one more thing: while running tests I noticed many other tests are
>  > breaking, as initially a simple message could pass through
>  > "default-posting-chain" but now we need a multipart/signed message. So
>  > should I worry about changing all other tests?
> 
> Yes.  Conventionally that is the responsibility of the person who adds
> a feature.  However, there's nothing that says you can't ask Barry for
> help.  He may know a way to do it quickly.
> 

---
Abhilash Raj
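
An added example, not part of the original message and not Mailman code: one way to implement the "or else mailman rejects the key" check raised in the thread, run against a key listing in GnuPG's --with-colons format. The helper name check_list_key, the 2048-bit default (borrowed from the size mentioned above) and the sample listings and addresses are assumptions constructed for illustration.

```python
import re

RSA = "1"  # OpenPGP public-key algorithm ID for RSA (RFC 4880)

# Constructed sample listings (not real keys), gpg --with-colons layout.
GOOD = (
    "pub:u:2048:1:0123456789ABCDEF:1376650000:::u:::scESC:\n"
    "uid:u::::1376650000::0000::Example List <example-owner@lists.example.org>:\n"
)
WEAK = (
    "pub:u:1024:17:FEDCBA9876543210:1376650000:::u:::scESC:\n"
    "uid:u::::1376650000::0000::Example List <example@lists.example.org>:\n"
)


def check_list_key(listing, expected_addr, min_bits=2048):
    """Hypothetical helper: return the policy violations found in a
    colon-format key listing; an empty list means the key is acceptable."""
    problems, addrs, pubs = [], set(), 0
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 4:
            pubs += 1
            if f[1] in ("r", "e"):  # validity field: revoked / expired
                problems.append("key is revoked or expired")
            if f[3] != RSA:
                problems.append("algorithm id %s is not RSA" % f[3])
            if not f[2].isdigit() or int(f[2]) < min_bits:
                problems.append("key length %s below %d bits" % (f[2], min_bits))
        # The user ID is field 10, on uid records (and on pub in older gpg).
        if f[0] in ("pub", "uid") and len(f) > 9 and f[9]:
            uid = f[9].replace("\\x3a", ":")  # gpg escapes ':' in user IDs
            m = re.search(r"<([^<>]+)>\s*$", uid)
            addrs.add((m.group(1) if m else uid).strip().lower())
    if pubs != 1:
        problems.append("expected exactly one public key, found %d" % pubs)
    if expected_addr.lower() not in addrs:
        problems.append("no user ID for %s" % expected_addr)
    return problems


if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, check_list_key(listing, "example-owner@lists.example.org"))
```

Whether expected_addr is the -owner address or the posting address is the open question in the thread; the check takes it as a parameter either way.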

