[Mailman-Developers] GSoC Updates
Abhilash Raj
raj.abhilash1 at gmail.com
Fri Aug 16 13:41:54 CEST 2013
On Friday 16 August 2013 10:35 AM, Stephen J. Turnbull wrote:
> Abhilash Raj writes:
>
> > 1) How do list owners create keys? What parameters? Which address?
>
> python-gnupg provides a key-generation API, GPG.gen_key().
> Alternatively, this could be done manually by the trusted
> site-manager. The web UI would have to run over SSL, presumably
> HTTPS.
>
> I think the address should be $LIST-owner at fqdn. For other parameters,
> defaults are OK I think (size=2048, type=RSA IIRC).
Here should not the address be the list's posting address? Like for
mm-dev list should it not be "mailman-developers at python.org"?
> > About the address I think owner can create a key using posting
> > address with a min key length of 1024? or else mailman rejects the
> > key? MD5 hash should be discouraged and at least SHA1 should be
> > used? (although I found this[1] that even sha1 should not be used)
>
> Nobody short of a major government can afford to break private keys or
> crypto hashes on a regular basis. Otherwise, before they try to break
> SHA1, they'll kidnap and torture you (I'm serious about the
> calculation they'll make, not that I think it will happen to anybody
> we know for several thousand years).
>
> > 3) How to manage passphrases (or passwords) for keys?
> >
> > In previous discussions we decided to use gnupg-agent, although
> > I haven't tried it. Any other suggestions for it?
>
> I really don't know. As you probably know, files containing host keys
> for SSH and other SSL applications don't have passwords, but are
> simply made readable only by root. That might be the appropriate
> solution here. Otherwise, any reboot takes all lists down until the
> owner can be tracked down.
>
> > Also one more thing: while running tests I noticed many other tests are
> > breaking, as initially a simple message could pass through
> > "default-posting-chain" but now we need a multipart/signed message. So
> > should I worry about changing all other tests?
>
> Yes. Conventionally that is the responsibility of the person who adds
> a feature. However, there's nothing that says you can't ask Barry for
> help. He may know a way to do it quickly.
>
---
Abhilash Raj
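
The key parameters and the passphrase-less key file discussed in this thread, sketched as an added example that is not part of the original messages or Mailman's code. The function names, the `min_length` policy value and the `example.org` list are assumptions; the output uses GnuPG's unattended key-generation parameter format.

```python
import os
import stat

def list_key_params(list_name, fqdn, key_length=2048, min_length=2048,
                    owner_address=True):
    """Build GnuPG unattended key-generation parameters for a list key.

    owner_address=True gives LIST-owner@fqdn; False gives the posting address.
    min_length is an assumed site policy, not a Mailman setting.
    """
    if key_length < min_length:
        raise ValueError(f"key length {key_length} is below minimum {min_length}")
    local = f"{list_name}-owner" if owner_address else list_name
    return "\n".join([
        "Key-Type: RSA",
        f"Key-Length: {key_length}",
        f"Name-Real: {list_name} list key",
        f"Name-Email: {local}@{fqdn}",
        "Expire-Date: 0",
        "%no-protection",  # no passphrase (GnuPG 2.1+); file permissions guard the key
        "%commit",
    ]) + "\n"

def insecure_key_paths(keyring_dir):
    """Return every directory and file under keyring_dir that group or
    others can access, mirroring how SSH host key files are kept private."""
    loose = []
    for root, _dirs, files in os.walk(keyring_dir):
        for path in [root] + [os.path.join(root, name) for name in files]:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                loose.append(path)
    return sorted(loose)

if __name__ == "__main__":
    # Constructed sample list; the text can be passed to `gpg --batch --gen-key`.
    print(list_key_params("test-list", "example.org"), end="")
    print(insecure_key_paths(os.path.expanduser("~/.gnupg")))
```
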