On Thu, 16 Mar 2017 10:46:27 -0400 Rich Kulawiec <r...@gsp.org> wrote:
> I suggest that Mailman do nothing, because even if it solves all the > problems that it can solve, all it will do is provide a thin veneer of > security/privacy on top of a thoroughly rotten foundation. Yes, there > will be small, limited cases where it'll be able to deliver on its > promises -- because every person involved is diligent and every device > involved is secure -- but that's clearly not the way to bet. Even if not every device is secure, the difficulty, and likely cost, for an attacker to snoop on the communications is much greater for an encrypted mailing list is than for a non-encrypted one. FWIW, I'm part of an NGO (Digital Society Switzerland, https://digitale-gesellschaft,ch ) which uses encrypted mailing lists for its internal communications. We use Schleuder ( https://schleuder.nadir.org/ ), which isn't perfect, but works fine for us. Greetings, Norbert > > Moreover, none of this comes for free: there is opportunity cost, > complexity cost, maintenance cost, interoperability cost, etc. > In my view, it's not worth incurring all these costs to implement > something that we already know, today, right now, is not going to > work in the contemporary Internet environment -- because it relies > on underlying assumptions about endpoint security that almost > certainly won't be true as soon as the deployment scale reaches > modest numbers. > > I think a better course of action is to recommend that those with the > sort of requirements being articulated here not use mailing lists at > all. > > ---rsk > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > https://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-developers/nb%40bollow.ch > > Security Policy: http://wiki.list.org/x/QIA9 _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
