[Mailman-Developers] GSoC Project: pgp plugin
Jonas
jonax at openmailbox.org
Sat Feb 27 13:35:01 EST 2016
Hello Mailman developers,
I was planning to write a pgp-encryption plugin for Mailman 3 that
manages one keypair per list and pubkeys of the subscribers.
I'm considering doing it as my first-time Google Summer of Code project.
I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages.
I will try to work myself more into the mailman-core sources the next
few days and try to make an improvement (e.g. a bugfix).
About me:
I have been studying computer science in Germany for two and a half
years. I have sent patches to some libre, mainly C and C++, projects. I
have only minor experience in Python but I'm used to learning by reading
documentation and sources.
Feel free to mail me if you have questions.
The Project Idea:
Encrypted mailing lists have been a much-requested feature in mailman
2 and I would like to run some encrypted mailing lists myself.
There is no stable pgp-aware mailserver at this time but there has been
an unstable patch for mailman 2.1.5[1] and some other unstable encrypted
list servers [2][3]. This Project could also help to evaluate the
Mailman 3 plugin system.
Some features could be:
1. Automatic pubkey collection from inbound mail
2. Outbound mail encryption and signature validation
3. Automatic keypair generation for pgp-aware lists
4. Inbound mail decryption and outbound mail signature
5. A mail interface for organizing the encrypted lists, subscribers'
public keys and trust levels
6. A web interface
7. PGP Information in the messages (e.g. was the incoming mail signed
by a trusted subscriber?)
8. Optionally forced encryption (such a list never sends mail to an
address to which it can't encrypt with a pubkey that has a certain
level of trust and/or won't accept inbound mail in plaintext)
9. Optionally forced signature (inbound mail to the list has to be
signed with a key that has a certain level of trust in order to be
published)
10. pgp-aware command system. (e.g. optionally only accept admin mail
commands from signature-verified mail admins)
Features 1.-5. are essential.
Thoughts on Implementation:
pygpgme could be used for encryption which might easily enable S/MIME as
well. Keys could be stored in the filesystem or in databases using
SQLAlchemy. The encryption step could be implemented as a pipeline.
Encrypted lists in mailman would be great. I think I can implement the
plugin myself, but I will need help to ensure the reliability and
security of the plugin.
What are your thoughts on pgp in Mailman 3?
Is this a suitable Project for the Google Summer of Code 2016?
Would anyone be interested in becoming my mentor for this project?
Thank you,
Jonas
[1]: https://non-gnu.uvt.nl/mailman-pgp-smime/
[2]: http://schleuder2.nadir.org/
[3]: http://schleuder2.nadir.org/documentation/v2.2/faq.html#index2h3