Re: [Mailman-Developers] Future: Safe Auto-moderated Announce List

[Barry A. Warsaw]

> "JWB" == John W Baxter  writes:

JWB> I see the basic "how do I let the right people post to this
JWB> announce list automatically" question often enough to
JWB> indicate that there is a perceived need.

JWB> Let's put digital signature technology to work.

With MM2.1, this will only be necessary if you don't trust the From:
header.  I'm not saying I do trust it -- we all know it's easily
forged, but I am saying that the basic mechanisms you talk about are
already in place.  We'd simply need to add a way to manage and consult
the PKI.

I'd classify this as a useful feature for MM3.0, once we have a
consolidated user database.  Then the users could add public keys to
their records and Mailman could consult them against the signatures
for authentication of the From: address.

JWB> Checkbox: Automatically and silently reject (with logging)
JWB> any message not from a listed sender and properly signed.

JWB> Variations (not silently rejected, etc, if desired...but
JWB> sending a rejection message gives the would-be rogue poster
JWB> information).

This is turning into a common pattern, so it's likely something I'll
refactor in future versions.  You basically want to do something like
this:

- see if the message matches some criteria (e.g. from a known
  non-member, from a moderated member, etc.)

- if so, then decide on an action:

1. approve the message right now; send on without further
   moderation steps

2. let pass to subsequent moderation steps; we haven't ruled this
   message out, but we haven't actively ruled it in either

3. hold the message for moderator approval
- send a notification to the sender, or
- don't send a notification to the sender

4. reject the message outright, bouncing it
- this implies sending a notice to the sender

5. discard the message without further notification (but w/
   logging probably).
   
I've really only started to mull over in my mind the way to implement
this.  As usual, the sticky point is in designing a useable web gui
for customization.

> "DN" == Dale Newfield <[EMAIL PROTECTED]> writes:

>> Let's put digital signature technology to work.

DN> I think we'd get quite a bit of bang for the effort just
DN> adding a checkbox to the admindb page saying "and add this
DN> sender to auto-approve list?"  So it's easy to moderate a
DN> person's messages as long as you want, and then also easy to
DN> say "yeah--approve this and all future posts from this
DN> person.")

My time machine is working well then!  Check out MM2.1's admindb
summary page.  You can by default turn on the moderation flag for all
new members, and decide on an action for a moderated member (see
above).  If you decide to hold messages from moderated members, you'll
see an extra checkbox on the disposition gui asking you if you want to
turn off the member's moderation flag.

This will be the way to quarantine new members until they can be
trusted.  You'll also be able to do things like ban somebody from
subscribing from a list.

-Barry

___
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers

Re: [Mailman-Developers] Future: Safe Auto-moderated Announce List

[Dale Newfield]

On Mon, 11 Feb 2002, John W Baxter wrote:
> I see the basic "how do I let the right people post to this announce list
> automatically" question often enough to indicate that there is a perceived
> need.

OK.

> Let's put digital signature technology to work.

I think we'd get quite a bit of bang for the effort just adding a checkbox
to the admindb page saying "and add this sender to auto-approve list?"
So it's easy to moderate a person's messages as long as you want, and then
also easy to say "yeah--approve this and all future posts from this
person.")

-Dale

---
Dale Newfield <[EMAIL PROTECTED]>

 "To announce that there must be no criticism of the President, or that we
are to stand by the President, right or wrong, is not only unpatriotic and
servile, but is morally treasonable to the American public." -T. Roosevelt



___
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers

[Mailman-Developers] Future: Safe Auto-moderated Announce List

[John W Baxter]

I see the basic "how do I let the right people post to this announce list
automatically" question often enough to indicate that there is a perceived
need.

Let's put digital signature technology to work.

For some post 2.1 release (and probably patchable into 2.1 by suitable
people), extend the privacy options to include:

List (two columns...duplicate senders probably allowed for the case of a
work key and a home key or an assistant's key for authorized forging, or
whatever):
  Automatically post messages from these senders PROVIDED they are
digitally signed using the key listed for the sender.

Checkbox:
  Automatically and silently reject (with logging) any message not from a
listed sender and properly signed.

Variations (not silently rejected, etc, if desired...but sending a
rejection message gives the would-be rogue poster information).

It seems to me that this can be turned into a suitable solution to the
auto-moderated announce list desire, without a whole lot of coding.

I didn't see such a feature request on SourceForge...if I missed it I
apologize (I've spent no more than 15 minutes driving SourceForge).

  --John (whose site has about 5 lists which would benefit from this feature)

OA   (Obligatory acronym):  SAMAL
-- 
John Baxter   [EMAIL PROTECTED]  Port Ludlow, WA, USA

___
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers