At 4:54 PM +0100 2006-06-08, David Lee wrote:
> To the average non-techie managerial type, what terminology (Authorised?
> Authenticated? etc.) is preferable?
I think that the authentication thing is a red herring. Stick to
the original idea and make relatively minimal modifications to the
code, and let Barry, Tokio, Mark, and others deal with the deeper
technical and architectural issues that Ian is raising.
> That would, indeed, probably be the ideal. But that would itself mean
> that all paths by which the Mailman machine might be reached would have to
> be known to have an enforced mechanism for authenticated SMTP. (And what
> about (say) "cron" jobs generating email which might legitimately go
> through lists?)
Which is part of why you shouldn't worry about trying to solve
this problem. With your original concept, you're not really opening
any new security holes, and you shouldn't have to worry about trying
to close those that already exist.
Just make sure that you put the appropriate cleanup code into
place to remove the headers in question, as is done today for the
"Approved:" header.
--
Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.