Dag Wieers wrote: >On Thu, 14 Apr 2011, Dag Wieers wrote: > >> We have been using the Approved header as a way to automatically approve >> commit logs to a read-only mailinglist. We recently moved our infrastructure >> to github and I wrote a patch to the github Email service hook to add an >> Approved header. >> >> https://github.com/github/github-services/pull/84 >> >> Now the problem of course is that this secret currently is either the list >> admin or the list moderator password, which is far from secure. Especially >> if >> the mails are not created on the mailman list server. >> >> So I would propose to allow to set a separate secret used for approved >> messages. If compromised, it's easy to change that secret on both sides. >> >> Is this acceptable ? > >I received no feedback on this. Shall I open a ticket for this, or is this >not considered valuable ?
Sorry for not responding sooner. I do think it is a good idea. Although many lists do not need separate admins and moderators and could thus use the moderator password in this way, I think a separate 'posters' password would be a valuable change. The problem is Mailman 2.1 is supposed to be feature frozen, and this is a rather extensive change involving the web GUI to set the password, and list migration changes to ensure that list objects have the poster password attribute. We can certainly consider this for MM3. Please open a tracker item at <https://bugs.launchpad.net/mailman/+filebug>, and I'll see what I can do. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
