[Mailman-Developers] GSoC Updates

Abhilash Raj raj.abhilash1 at gmail.com
Thu Aug 29 03:37:28 CEST 2013 

Hi all,

So I think my work inside mailman for signing and verification is almost
complete, here are a few things that I have now working and it would be
very nice if some of you can have a look at the code and let me know if
the implementation is correct(the logical and the pythonic way).

1) There is a 'signature rule'[1] that can verify signature from the
users whose public key is stored in 'var/gpg' directory insider
'pubring.gpg'. This rule also verifies that the email has only two parts
one of which must be 'application/pgp-signature'.

2) The 'signmessage handler'[2] signs the message while preserving the
sender's signature. The structure of the message for now is a
multipart/alternative with each alternative part having one
signature(one from list and another from sender).
(I have into my todo what Daniel suggested previously[3] to have two
signatures in one pgp-signature part)

3) A 'gpg'[4] utility which does all the crypto part from signing to
verification, generation of list's key, importing key from data(will be
used if we allow user's to copy paste their public key data insider
postorius), importing key from a public keyserver(default is set as
'pgp.mit.edu' on random basis, please suggest something which you think
can be a better default).

In line 81 I am passing an empty string to the comment for the key but
still the key generated is still having the default comment 'Generated
by gpg.py'. Any idea why? Is it because the string I am passing is a
null string and it should have a non-null string to set as comment?

4) There are few other changes like adding the signature rule in
default-posting-chain chain and signmessage handler in
default-posing-pipeline. Also I have added a new config variable as
'gpg_dir' whose default value is set to '$VAR_DIR/gpg'. There are tests
written for almost all the modules above, some more tests maybe required
to be added to then though)

I am thinking to setup a working installation of this code once I find a
place to do that, so that we can find bugs more easily.

Moving on my plan includes adding the APIs for management of keys and
options for list-admin and users in postorius and mm-client. If anyone
has ever given a thought before about what all things should be there
please help me with it.


[1]:
http://bazaar.launchpad.net/~raj-abhilash1/mailman/master/view/head:/src/mailman/rules/signature.py

[2]:
http://bazaar.launchpad.net/~raj-abhilash1/mailman/master/view/head:/src/mailman/handlers/signmessage.py

[3]:
http://www.mail-archive.com/mailman-developers%40python.org/msg13961.html

[4]:
http://bazaar.launchpad.net/~raj-abhilash1/mailman/master/view/head:/src/mailman/utilities/gpg.py

---
Abhilash Raj

More information about the Mailman-Developers mailing list