Stefan Schlott writes:

> 2. Your list has elevated security requirements. In this case, you can
> use gpg-agent to manage the secret key (and its passphrase).

I don't understand what threat you propose to address in this way. It's true that you can prevent the attacker from getting access to the key (using agent forwarding or a token, it need not be on the exposed host at all), but we're assuming he has access to the host and the Mailman process. At a minimum you need some kind of privilege separation mechanism within Mailman. I'd recommend a postfix-style separate process which does all cryptographic work. But this might be a very large performance hit.
