Jan Jancar writes: > b) Added complexity, maintenance cost to Mailman's infrastructure. > This can be mitigated by implementing encrypted mailing lists > either as a plugin as was proposed here before,
In one sense, a plugin is the ONLY way this feature can be reasonably implemented in Mailman 3, as all the relevant work will be done in Rules and Handlers. However, as Mailman core tends to provide information to companion applications (Postorius, HyperKitty) without much concern for authorization, there may be issues that require either invasive changes or can only be addressed in current Mailman 3 architecture by host security. The latter is the current answer to all questions of security, in fact. This will indeed be an ongoing security concern in maintenance, unless the information that needs to be secured is by design carefully partitioned away from "low security" operations used by Postorius, HyperKitty, and the REST interface generally. Steve _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
