On 25.04.2013 15:35, Daniel Kahn Gillmor wrote:
> abhilash might have meant that there is a concern that a decrypted
> message could be stored *on disk* in one of the queues, not just
> in memory.

Of course, it's a good idea to decrypt the data as late as possible in order to avoid unnecessary mistakes.

When does mailman store received messages on disk? I can think of the following:

- swapping. Either you request "non-swappable" memory from your OS (might be tricky in Python), or you encrypt your swap device with a new, randomly generated key on every startup.
- mailinglist archive. You simply shouldn't keep a (decrypted) archive on the server.
- disk queue. I don't remember if mailman persists received (but not yet sent) mails on disk.

Addressing the last point, you can either choose to decrypt the mail in a later stage, or (if this is a bad idea for performance reasons) deal with this problem with an adequate system configuration, although this is tricky and certainly error-prone. But I think it could be done by excluding the queue from backup (unless, of course, the backup is encrypted, which you should do anyway) and having an encrypted file system.

Stefan.

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
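The "non-swappable memory" option from the message above, as an added example that is not part of the original post or of Mailman's code: a page-aligned anonymous buffer that is `mlock()`ed through `ctypes` and zeroed on close. The class name `LockedBuffer` and the sample plaintext are constructed for illustration; the comments mark where Python still makes unlocked copies, which is why this is tricky.

```python
import ctypes
import mmap


class LockedBuffer:
    """Anonymous, page-aligned buffer; mlock()ed if the OS allows, wiped on close."""

    def __init__(self, size=mmap.PAGESIZE):
        self.size = size
        self._map = mmap.mmap(-1, size)  # anonymous mapping, never file-backed
        self._view = (ctypes.c_char * size).from_buffer(self._map)
        self._libc = ctypes.CDLL(None, use_errno=True)
        for fn in (self._libc.mlock, self._libc.munlock):
            fn.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
            fn.restype = ctypes.c_int
        rc = self._libc.mlock(ctypes.addressof(self._view), size)
        # mlock fails with ENOMEM/EPERM when RLIMIT_MEMLOCK is too low;
        # callers must check .locked instead of assuming the pages are pinned.
        self.locked = rc == 0
        self.errno = 0 if self.locked else ctypes.get_errno()

    def write(self, data):
        if len(data) > self.size:
            raise ValueError("data larger than locked buffer")
        # Caveat: `data` is an ordinary bytes object on the unlocked heap.
        # Only a decryptor that writes straight into this buffer avoids that.
        self._map[: len(data)] = data

    def read(self, n):
        # Caveat: the returned bytes object is an unlocked copy.
        return bytes(self._map[:n])

    def close(self):
        """Zero the pages, unlock, unmap. Returns True if the wipe was verified."""
        addr = ctypes.addressof(self._view)
        ctypes.memset(addr, 0, self.size)
        wiped = self._map[:] == b"\x00" * self.size
        if self.locked:
            self._libc.munlock(addr, self.size)
        del self._view  # drop the exported buffer so the mapping can be closed
        self._map.close()
        return wiped


if __name__ == "__main__":
    buf = LockedBuffer()
    buf.write(b"constructed plaintext")  # constructed sample, not real mail
    print("locked:", buf.locked, "errno:", buf.errno)
    print("wiped on close:", buf.close())
```

Locking does not cover hibernation images or core dumps, so the encrypted-swap and encrypted-file-system measures from the message still apply.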