Hi,

Apart from what Abhilash wrote, I have a few ;-) additional comments.

Bhavishya writes:

> Hi, I saw the idea to create various kinds of encrypted lists,
> Could you elaborate the following:
> 1) The amount of knowledge of security (and if possible the sources
> to achieve the same)

You need to understand what a "threat model" is, and the structure of a mailing list as a system to know what threats can be defended against, and to decide which threats to defend against. You need to understand how mailing lists and the mail system work in some detail, and what the use cases for encrypted lists might be.

For self-study, you could start with Bruce Schneier's blog, especially his famous post on "the security mindset", and with Steve Bellovin's book, _Thinking Security_. Bellovin's book has many references. The core mail security RFCs are enumerated below.

The code for various encryption algorithms is already available in the standard library (OpenSSL, for example, although a lot of people deprecate it) and in 3rd-party libraries on PyPI. Writing encryption modules is not part of this task.

> 2) The development environment (what else is required apart from
> Linux)

Python 2.7, Python 3.5 (both 2.7 and 3.5 are currently *required*), plus Python 3.6 if you're adventurous (GNU Mailman 3 doesn't officially support Python 3.6 yet), modules from PyPI as needed. Your Python(s) must be built to support OpenSSL, or some other source of implementations for encryption algorithms.

git.

The Mailman Suite (the subprojects mailman, mailmanclient, django-mailman3, postorius, hyperkitty, mailman-hyperkitty) from http://gitlab.com/mailman. (Dependencies for the suite will be installed automatically by the setup.py for each component.)

An MTA, either Postfix (most popular among Mailman core developers) or Exim4 (supported). Sendmail and Qmail may be usable but are not advised unless you can provide support for them yourself -- there is ZERO support in Mailman 3 itself.
It may not be very hard to support a new MTA (it took me 10 minutes to configure Exim4 and 30 to write the docs), but you won't get much help from us. Why risk it?

It would be nice if you have a test domain where you can install Mailman on the standard SMTP port 25 or submission port 587, but testing on localhost is acceptable.

> 3) Any other task for me to strengthen my application (I would try
> fixing bugs on my level though)

Get an account on GitLab.

Read the FAQ for Mailman 2, the archives for mailman-users, mailman-developers, and mailman3-users to get some idea of the level and needs of our users. Subscribe to those lists.

Take a look at RFCs 5321 (SMTP), 5322 (Internet Message Format), 4949 (security glossary), and 5598 (email architecture). Bookmark them and RFCs 2045 (MIME), 2046 (MIME), 2387 (multipart/related), 2015 (MIME/PGP), 3156 (MIME/OpenPGP), 5751 (S/MIME), and 5752 (multiple signatures).

I recommend reading all the way through RFC 4949, as a complement to Schneier's blog and Bellovin's book (or similar). RFC 5598 is very important, as it is fundamental to understanding the threat models involved in email and indirect flows including mailing lists. Read the abstracts and introductions to RFCs 5321 and 5322, as understanding the basic concepts of email is going to be very important.

For the rest just bookmarking is fine. We would eventually be referring to them in the implementation most likely, but you don't need to be totally familiar for the application.

Steve