Re: [Mailman-Developers] GSoC Project: pgp plugin

[Abhilash Raj]

Hi Jonas,

On 27 February 2016 at 10:35, Jonas  wrote:

> Hello Mailman developers,
>
> I was planning to write a pgp-encryption plugin for Mailman 3 that
> manages one keypair per list and pubkeys of the subscribers.
> I'm considering to do it as my first-time Google Summer of Code project.
>

Welcome!


>
> I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages.
> I will try to work myself more into the mailman-core sources the next
> few days and try to make an improvement (eg bugfix).
>
> About me:
> I have been studying computer science in germany for two and a half
> years. I have sent patches to some libre, mainly C and C++, projects. I
> have only minor experience in Python but I'm used to learning by reading
> documentation and sources.
> Feel free to mail me if you have questions.
>
> The Project Idea:
> Encrypted malinglists have been been a much-requested feature in mailman
> 2 and I would like to run some encrypted mailinglists myself.
> There is no stable pgp-aware mailserver at this time but there has been
> an unstable patch for mailman 2.1.5[1] and some other unstable encrypted
> list servers [2][3]). This Project could also help to evaluate the
> Mailman 3 plugin system.
>
>
If you don't know, I worked on this project some time back in GSoC 2013.
The  current state of that project is not very good and probably needs a
*lot* of rebasing to do. I have been thinking about revisiting the project,
but haven't been able to. I don't mind another GSoC for the same project if
you can put up a proposal that would land the project in a better end state
than I did ;-).

Here is a link[1] to discussions that have already been done before on this
idea. Please read it carefully as there has been a pretty extensive
discussion on the security model and usability of such an implementation.

I have a few small questions doubts about your features below...


> Some features could be:
>  1. Automatic pubkey collection from inbound mail
>

What happens if I send a forged email with some user's email address as
FROM and use a fake key? Automatic public key collection isn't a very good
idea, you should be *very* careful about how you handle public keys.


>  2. Outbound mail encryption and signature validation
>

I would suggest you keep encryption as a part of extended goals in case of
GSoC. You'd be surprised how many students are not able to finish their
proposal in time. I don't say they did not do good work, just that they did
not make a good estimate of their time which is a good skill one should
have.


>  3. Automatic keypair generation for pgp-aware lists
>

Just to let you know, generating keys in virtual environments is not that
easy due to less available randomness as compared to PCs.


>  4. Inbound mail decryption and outbound mail signature
>

Can you elaborate on this? Shouldn't both be working differently? Encrypted
emails distributed as encrypted email and signed email distributed as
signed.


>  5. A mailinterface for organizing the encrypted lists, subscribers
> public keys and trust levels


I would like to know more on how you plan to do this.


>  6. A webinterface
>

Can be integrated in Postorius (Mailman 3's default web UI)


>  7. PGP Information in the messages (e.g. was the incoming mail signed
> by a trusted subscriber?)
>  8. Optionally forced encryption (such a list never sends mail to an
> adress to which it can't encrypt with a pubkey that has a certain
> level of trust and/or won't accept inbound mail in plaintext)
>  9. Optionally forced signature (inbound mail to the list has to be
> signed with a key that has a certain level of trust in order to be
> published)
> 10. pgp-aware command system. (eg optionally only accept admin mail
> commands from signature-verified mail admins)
>
> Features 1.-5. are essential.
>
> Thoughts on Implementation:
> pygpgme could be used for encryption which might easily enable S/MIME as
> well. Keys could be stored in the filesystem or in databases using
> SQLAlchemy. The encryption step could be implemented as a pipeline.
>
>
> Encrypted lists in mailman would be great, I think I can implement the
> plugin myself but I will need help to ensure the reliability and
> security of the plugin.
>
> What are your thoughts on pgp in Mailman 3?
>
> Is this a suitable Project for the Google Summer of Code 2016?
>

I think so.


> Would anyone be interested in becoming my mentor for this project?
>

I can, depending on your application.


>
>
> Thank you,
> Jonas
>
>
> [1]: https://non-gnu.uvt.nl/mailman-pgp-smime/
> [2]: http://schleuder2.nadir.org/
> [3]: http://schleuder2.nadir.org/documentation/v2.2/faq.html#index2h3
> ___
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40pyth

[Mailman-Developers] GSoC Project: pgp plugin

[Jonas]

Hello Mailman developers,

I was planning to write a pgp-encryption plugin for Mailman 3 that
manages one keypair per list and pubkeys of the subscribers.
I'm considering to do it as my first-time Google Summer of Code project.

I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages.
I will try to work myself more into the mailman-core sources the next
few days and try to make an improvement (eg bugfix).

About me:
I have been studying computer science in germany for two and a half
years. I have sent patches to some libre, mainly C and C++, projects. I
have only minor experience in Python but I'm used to learning by reading
documentation and sources.
Feel free to mail me if you have questions.

The Project Idea:
Encrypted malinglists have been been a much-requested feature in mailman
2 and I would like to run some encrypted mailinglists myself.
There is no stable pgp-aware mailserver at this time but there has been
an unstable patch for mailman 2.1.5[1] and some other unstable encrypted
list servers [2][3]). This Project could also help to evaluate the
Mailman 3 plugin system.

Some features could be:
 1. Automatic pubkey collection from inbound mail
 2. Outbound mail encryption and signature validation
 3. Automatic keypair generation for pgp-aware lists
 4. Inbound mail decryption and outbound mail signature
 5. A mailinterface for organizing the encrypted lists, subscribers
public keys and trust levels
 6. A webinterface
 7. PGP Information in the messages (e.g. was the incoming mail signed
by a trusted subscriber?)
 8. Optionally forced encryption (such a list never sends mail to an
adress to which it can't encrypt with a pubkey that has a certain
level of trust and/or won't accept inbound mail in plaintext)
 9. Optionally forced signature (inbound mail to the list has to be
signed with a key that has a certain level of trust in order to be
published)
10. pgp-aware command system. (eg optionally only accept admin mail
commands from signature-verified mail admins)

Features 1.-5. are essential.

Thoughts on Implementation:
pygpgme could be used for encryption which might easily enable S/MIME as
well. Keys could be stored in the filesystem or in databases using
SQLAlchemy. The encryption step could be implemented as a pipeline.


Encrypted lists in mailman would be great, I think I can implement the
plugin myself but I will need help to ensure the reliability and
security of the plugin.

What are your thoughts on pgp in Mailman 3?

Is this a suitable Project for the Google Summer of Code 2016?
Would anyone be interested in becoming my mentor for this project?


Thank you,
Jonas


[1]: https://non-gnu.uvt.nl/mailman-pgp-smime/
[2]: http://schleuder2.nadir.org/
[3]: http://schleuder2.nadir.org/documentation/v2.2/faq.html#index2h3
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] GSoC 2016 Contribution

[Abhilash Raj]

Hi Lakshman,

On 02/27/2016 10:52 AM, Lakshmanan Meiyappan wrote:
> Hi, I'm Lakshmanan, sophomore in Computer science and engineering. I love
> programming, and I love python and I would like to contribute to mailman
> project in this GSoC 16. I would be grateful if someone could guide me, as
> I'm a beginner. I'm hard worker and I can invest most of my time into this.
> It would be helpful if someone could help me in the process.

Welcome!

Stephen very recently answered this question on the list that you can
find here[1] in archives. You will also find link to the GSoC 2016 wiki
page in there where all the resources and getting started guides are linked.


[1]:
http://www.mail-archive.com/mailman-developers%40python.org/msg16122.html

> Thank you,
> 
> Lakshmanan meiyappan
> ___
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: 
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40gmail.com
> 
> Security Policy: http://wiki.list.org/x/QIA9
> 

-- 
thanks,
Abhilash Raj
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] GSoC 2016 Contribution

[Lakshmanan Meiyappan]

Hi, I'm Lakshmanan, sophomore in Computer science and engineering. I love
programming, and I love python and I would like to contribute to mailman
project in this GSoC 16. I would be grateful if someone could guide me, as
I'm a beginner. I'm hard worker and I can invest most of my time into this.
It would be helpful if someone could help me in the process.

Thank you,

Lakshmanan meiyappan
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] Help with installation

[Mark Sapiro]

On 02/27/2016 08:00 AM, Ibrahim Jarif wrote:
> Yes. I can surely do that. Could you tell me how do I edit the pages? I
> can't find the wiki.list.org source code.


Pages at wiki.list.org are edited via the wiki itself. There is an edit
action near the top of the left sidebar. There is extensive help - start
with HelpContents (also linked from the left sidebar.

Step 1 is to read and follow the first paragraph at
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] [Mailman-Users] Help with installation

[Ibrahim Jarif]

Yes. I can surely do that. Could you tell me how do I edit the pages? I
can't find the wiki.list.org source code.

On Sat, Feb 27, 2016 at 8:38 PM, Stephen J. Turnbull 
wrote:

> Ibrahim Jarif writes:
>
>  > https://hyperkitty.readthedocs.org/en/latest/development.html was
>  > written for older version of Django (I guess Django-1.6).
>
> I first used HK with Django 1.5 I think.  HK docs potentially go way
> back in Django history, and I know we've had backward compatibility
> issues with Django (to be fair, you expect those when going from x.y
> to x.(y+3) or so).  Beta testers, beware!  Those =version requirements
> do matter with Django.
>
>  > A lot has changed in Django-1.9. The latest version has different
>  > commands than those mentioned on the page.
>  >
>  > I've created an issue about the documentation here
>  > 
>
> Elsewhere I mentioned fixing an easy issue to qualify for GSoC.  This
> sounds like a perfect one to me!
>
>
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] [Mailman-Users] Help with installation

[Stephen J. Turnbull]

Ibrahim Jarif writes:

 > https://hyperkitty.readthedocs.org/en/latest/development.html was
 > written for older version of Django (I guess Django-1.6).

I first used HK with Django 1.5 I think.  HK docs potentially go way
back in Django history, and I know we've had backward compatibility
issues with Django (to be fair, you expect those when going from x.y
to x.(y+3) or so).  Beta testers, beware!  Those =version requirements
do matter with Django.

 > A lot has changed in Django-1.9. The latest version has different
 > commands than those mentioned on the page.
 > 
 > I've created an issue about the documentation here
 > 

Elsewhere I mentioned fixing an easy issue to qualify for GSoC.  This
sounds like a perfect one to me!

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] [Mailman-Users] Help with installation

[Ibrahim Jarif]

Hi,

Thank you for the reply. I solved the issue. The documentation at
https://hyperkitty.readthedocs.org/en/latest/development.html was written
for older version of Django (I guess Django-1.6). A lot has changed in
Django-1.9. The latest version has different commands than those mentioned
on the page.

I've created an issue about the documentation here


Thanks

-Ibrahim

On Sat, Feb 27, 2016 at 2:51 PM, Stephen J. Turnbull 
wrote:

> First, please make sure you direct replies to the list.  If you don't
> understand why that is appropriate, read Eric Raymond's "How to Ask
> Questions the Smart Way" (www.catb.org/esr/faqs/smart-questions.html).
>
> Redirecting to list is not automatic because we occasionally handle
> sensitive topics in private mail, and it would be a Bad Thing if a
> list administrator posted personal or system details to a public list
> by accident.
>
> Ibrahim Jarif writes:
>  > I guess the content filter removed the attachment.
>  >
>  > I ran ``django-admin migrate --pythonpath hyperkitty_standalone
> --settings
>  > settings ``. I get the following error
>
> [traceback details omitted]
>  > ImportError: No module named settings
>
> Is there a hyperkitty_standalone directory in the current directory
> when you run that command?  Is there a settings.py file in that
> directory?  Is the venv active when you run it?
>
> I would guess that you are running the command from the wrong current
> directory.
>
>
>
>
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] Regexp filtering

[Stephen J. Turnbull]

Mark Sapiro writes:

 > I agree it's confusing, and I've been caught in this confusion myself
 > and neglected to put the leading ^ in what I clearly intended to be a
 > regexp, but the convention goes back a long way in MM2.

Oh, of course I'm -1 on changing "regexps start with '^'" convention
in Mailman 2 myself!
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] [Mailman-Users] Help with installation

[Stephen J. Turnbull]

First, please make sure you direct replies to the list.  If you don't
understand why that is appropriate, read Eric Raymond's "How to Ask
Questions the Smart Way" (www.catb.org/esr/faqs/smart-questions.html).

Redirecting to list is not automatic because we occasionally handle
sensitive topics in private mail, and it would be a Bad Thing if a
list administrator posted personal or system details to a public list
by accident.

Ibrahim Jarif writes:
 > I guess the content filter removed the attachment.
 > 
 > I ran ``django-admin migrate --pythonpath hyperkitty_standalone --settings
 > settings ``. I get the following error

[traceback details omitted]
 > ImportError: No module named settings

Is there a hyperkitty_standalone directory in the current directory
when you run that command?  Is there a settings.py file in that
directory?  Is the venv active when you run it?

I would guess that you are running the command from the wrong current
directory.



___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] GSoC'16 Contribution

[Stephen J. Turnbull]

Ibrahim Jarif writes:

 > I'm Ibrahim Jarif. I'm studying computer engineering (3rd year). I wish to
 > apply for GSoC'16 with the mailman Project.

Welcome!

 > I'd really appreciate if someone could guide me and get me started with the
 > project.

The place to start is by bookmarking the GSoC 2016 page at

http://wiki.list.org/DEV/Google%20Summer%20of%20Code%202016

and the DEV page itself at

http://wiki.list.org/DEV/

If you haven't already checked Google's rules, do so at the "new GSoC
page" at

https://summerofcode.withgoogle.com/

(note that it's not "google-melange.com" any more!)

If you have a "Mailman itch" you need to "scratch", please let us know
about it.  It might make a good GSoC project.  If not, check the ideas
page (the first link above).

Finally, once you've got yourself a bit oriented, you should get
yourself a gitlab account[1], and check the issues at

https://gitlab.com/groups/mailman/issues

for something easy (like a doc fix), and start working toward a merge
request.  We want you to have at least one under your belt before
starting the summer.  (It doesn't have to be approved and merged for
you to qualify -- it's just proof that you're ready to deal with the
mechanics of contributing to Mailman.)

Footnotes: 
[1]  Not github, nothing against github personally but since we're a
GNU project, our Fearless Leader gets annoyed by RMS if we use
non-free resources, and that is pretty fearsomely annoying. :-)

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9