Re: [Mailman-Developers] PGP support for MM3

2016-11-18 Thread Barry Warsaw
On Nov 18, 2016, at 04:26 PM, Dominik wrote:

>I'd like to see PGP support for MM3 but I thought it might be a little
>too early to file an issue.

I think full PGP support as many people want will be a multi-issue,
multi-branch effort.  For example, I can imagine a branch that enables
list-specific key management so that you can encrypt a message to a mailing
list.  Then users/addresses would each also have key management.  Those touch
the database layer.  There will probably be branches that touch the REST API,
and handler/rules, etc.  Then there are likely changes to Postorius, possibly
HyperKitty, etc.

>Encrypted mailing for groups of people is still a mess in 2016:
>
>*  Either the group is relatively static or you never encrypt the mail
>  for all people.
>*  All members need to know each other. And you need the keys of all
>  the other members.
>
>So much for the motivation. Below are some initial thoughts:
>
>**Treat mail differently based on its signing status:**
>
>1. Whether it has a signature or not.
>2. Whether the signature is valid or not.
>3. Whether the signing key matches the key of the list member.
> 
>**Treat mail differently based on its encryption status**
>
>Whether it is encrypted or not.

You could certainly do these things.  Once the basic key management
infrastructure is in place, you could fairly easily add various rules and
handlers to effect some of these features.  E.g. a rule could say "if this
message does not have a valid signature, discard it".  That could be useful
even without full encryption.  For outgoing encryption, you'd need a pre-MTA
handler if you wanted to do personalization, e.g. encrypt the message to each
user's registered key.

>**Other opportunities**
>
>1. A public key per list.
>2. Signing of outgoing mails with that list key.
>3. Encryption of outgoing mails with that list key.

#2 and #3 could be done with list-wide handlers, since they aren't
personalized.

>4. Send a mail with the list's public key on request.

Fairly easy to add a command to do this.

>Which of these points are worth an implementation?

All?  None?  Some?  :)

It really kind of depends on what people want.  At a minimum, I would really
like the option of running a mailing list which requires valid signatures for
posting, to avoid blindly trusting the sender headers.  That still requires
user-based key management, so perhaps that's a good place to start.

Cheers,
-Barry


___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
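
An added sketch (not Mailman code and not from the thread) of the signature-based posting check discussed in the message above: it classifies a message by the three signing checks and maps the result to an action. `stub_verify`, `MEMBER_KEYS`, `POLICY` and the fingerprints are hypothetical stand-ins; a real setup would replace `stub_verify` with an actual OpenPGP verification. Only PGP/MIME (RFC 3156) is recognised, so inline-signed mail is reported as unsigned.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: member address -> registered key fingerprint.
MEMBER_KEYS = {"alice@example.org": "FPR-ALICE"}
# Hypothetical per-list policy: what to do with each signing status.
POLICY = {"unsigned": "discard", "invalid": "discard",
          "wrong-key": "hold", "member-signed": "accept"}

def stub_verify(signed_part, signature):
    """Stand-in for a real OpenPGP check (assumption, not a real API):
    returns the signer's fingerprint for a good signature, else None."""
    tokens = signature.split()
    return tokens[1] if len(tokens) == 2 and tokens[0] == "STUB-SIG" else None

def signing_status(msg, member_keys, verify=stub_verify):
    """Classify a message by the three signing checks from the thread."""
    protocol = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() != "multipart/signed" \
            or protocol != "application/pgp-signature":
        return "unsigned"            # 1. no PGP/MIME signature present
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2 \
            or parts[1].get_content_type() != "application/pgp-signature":
        return "invalid"             # malformed RFC 3156 structure
    fingerprint = verify(parts[0], parts[1].get_payload())
    if fingerprint is None:
        return "invalid"             # 2. signature does not verify
    # The From header only selects which registered key to compare against;
    # the verified fingerprint, not the header, is what gets trusted.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if member_keys.get(sender) != fingerprint:
        return "wrong-key"           # 3. valid, but not this member's key
    return "member-signed"

def sample(sender, signature):
    """Build a constructed PGP/MIME-shaped message for the demo."""
    return message_from_string(
        f"From: {sender}\nTo: list@example.org\nSubject: demo\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/signed; protocol="application/pgp-signature";'
        ' boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello list\n"
        f"--b1\nContent-Type: application/pgp-signature\n\n{signature}\n--b1--\n")

def decide(msg):
    """Map the signing status to the list's configured action."""
    return POLICY[signing_status(msg, MEMBER_KEYS)]

if __name__ == "__main__":
    forged = sample("alice@example.org", "STUB-SIG FPR-MALLORY")
    print(signing_status(forged, MEMBER_KEYS), decide(forged))
```
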

Re: [Mailman-Developers] PGP support for MM3

2016-11-18 Thread Mark Sapiro
On 11/18/2016 07:26 AM, Dominik wrote:
> 
> I'd like to see PGP support for MM3 but I thought it might be a little
> too early to file an issue.


There are threads on a potential GSOC proposal for this starting at

and
.

I seem to recall more about this or maybe other GSOC proposals in this
area, but I don't know the status of any of it.

Steve may be able to provide more info.

-- 
Mark Sapiro                          The highway is for gamblers,
San Francisco Bay Area, California   better use your sense - B. Dylan




[Mailman-Developers] PGP support for MM3

2016-11-18 Thread Dominik
Hello everybody,

I'd like to see PGP support for MM3 but I thought it might be a little
too early to file an issue.

My original motivation was a setup of a fully encrypted mailing list.
I'm well aware of the fact that it does not provide the security that full
end-to-end encrypted communication provides, but for some people
(including me) it is an acceptable compromise.

Encrypted mailing for groups of people is still a mess in 2016:

*  Either the group is relatively static or you never encrypt the mail
  for all people.
*  All members need to know each other. And you need the keys of all
  the other members.

So much for the motivation. Below are some initial thoughts:

**Treat mail differently based on its signing status:**

1. Whether it has a signature or not.
2. Whether the signature is valid or not.
3. Whether the signing key matches the key of the list member.
 
**Treat mail differently based on its encryption status**

Whether it is encrypted or not.

**Other opportunities**

1. A public key per list.
2. Signing of outgoing mails with that list key.
3. Encryption of outgoing mails with that list key.
4. Send a mail with the list's public key on request.

Which of these points are worth an implementation?

Regards

Dominik



Re: [Mailman-Developers] Docker files for mailman

2016-11-18 Thread Danil Smirnov
Okay, I've found that the image can be built if you base it on the Ubuntu Trusty distro
(line 6 of the Dockerfile: "FROM ubuntu:trusty") and add ruby-sass to the
set of packages to install (line 13: "apt-get install -y git python3-dev
python3-pip python-dev python-pip python-virtualenv ruby-sass").

I'm not sure whether I need to change it in the Wiki...

On 18 November 2016 at 16:08, Danil Smirnov wrote:

> Hi Simon!
>
> I've just tried to build the docker image from the Dockerfile mentioned on the page
> https://wiki.list.org/DEV/Mailman%203.0/Mailman%203.0%20Suite%20Dockerfile
>
> The build has stopped with the following error:
>
> Installing mailman.
>> The executable python3.4 (from --python=python3.4) does not exist
>> /tmp/tmpez1ftK/run: 2: /tmp/tmpez1ftK/run: 
>> /mailman3/mailman-bundler/venv-3.4/bin/pip:
>> not found
>> While:
>>   Installing mailman.
>>
>> An internal error occurred due to a bug in either zc.buildout or in a
>> recipe being used:
>> Traceback (most recent call last):
>>   File "/usr/local/lib/python2.7/dist-packages/zc/buildout/buildout.py",
>> line 1995, in main
>> getattr(buildout, command)(args)
>>   File "/usr/local/lib/python2.7/dist-packages/zc/buildout/buildout.py",
>> line 666, in install
>> installed_files = self[part]._call(recipe.install)
>>   File "/usr/local/lib/python2.7/dist-packages/zc/buildout/buildout.py",
>> line 1410, in _call
>> return f()
>>   File "/mailman3/mailman-bundler/eggs/collective.recipe.cmd-0.
>> 11-py2.7.egg/collective/recipe/cmd/__init__.py", line 56, in install
>> self.execute()
>>   File "/mailman3/mailman-bundler/eggs/collective.recipe.cmd-0.
>> 11-py2.7.egg/collective/recipe/cmd/__init__.py", line 69, in execute
>> run_commands(cmds, self.shell)
>>   File "/mailman3/mailman-bundler/eggs/collective.recipe.cmd-0.
>> 11-py2.7.egg/collective/recipe/cmd/__init__.py", line 39, in run_commands
>> check_call('%s %s' % (shell, tmpfile), shell=True)
>>   File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
>> raise CalledProcessError(retcode, cmd)
>> CalledProcessError: Command 'sh /tmp/tmpez1ftK/run' returned non-zero
>> exit status 127
>> The command '/bin/sh -c buildout' returned a non-zero code: 1
>>
>
> Do you have any clue what happens?
>
> Danil
>
>
> On 17 July 2016 at 20:06, Simon Hanna wrote:
>
>> Hi,
>>
>> I started working on docker files for Mailman.
>>
>> I created three repositories:
>> - https://github.com/simonsmiley/postorius-docker
>>   Holds the files needed to create a postorius container
>> - https://github.com/simonsmiley/mailman-docker
>>   Holds the files needed to create a core container
>> - https://github.com/simonsmiley/mailman-compose
>>   Holds docker-compose files that greatly simplify the process of running
>>   the containers
>>
>> * The mailman repo currently lacks documentation
>> * Currently no emails can be sent.
>>   I still have to figure out what the best way is...
>> * Hyperkitty will be added next
>>   (together with a complete "bundler" install)
>>
>>
>> I pushed two images to the docker hub. Their names are
>> thelinuxguy/postorius and thelinuxguy/mailman
>>
>> I created two organizations
>> mailman on docker hub and gnu-mailman on github
>> https://github.com/gnu-mailman
>> https://hub.docker.com/u/mailman/
>>
>> I know we shouldn't use github, but there is no way around
>> github/bitbucket for automated builds on docker hub.
>>
>> I post here to inform you about the docker images and also to ask if
>> I'm allowed to keep these two organizations and move my images/repos
>> there. I'll happily give push/owner access to additional people if
>> requested.
>>
>> The repositories could be mirrored to the gitlab mailman group,
>> sadly the process doesn't work the other way round just yet.
>>
>> In case this request gets denied, I'll just remove the organizations and
>> let the images be "unofficial".
>>
>> cheers,
>> Simon