Andrew Stuart writes:
> Right now I’m aiming for super simple.
This worries me. Nothing in security is simple (except for the
"Orange Book" and "RMS" models: the former being "it can't be attacked
if you don't plug it in" and the latter being "password communism" a
la Stallman).
At present, we
I chatted with Barry a few days ago to clarify what we need to do if we
want to release the Mailman suite, version 3.0, at the end of the PyCon
sprints. The sprints are April 13th-16th, 11 weeks from now. I used what
he said to update the TODO list for Mailman core, the client, Postorius,
HyperKitt
OK.
How about I make a standalone User Authorisation based server that has a user
data store with additional arbitrary user keys in it? It would also allow role
information to be assigned to those users via it’s own REST API (which I would
have to think about and make up).
Thus my API proxy (I
On Jan 24, 2015, at 04:05 PM, Andrew Stuart wrote:
>The main thing I’m looking for is whether there is an authorisation concept
>that operates at a higher level than the list.
No, there isn't[*].
>I wonder is there the concept of some sort of “special” mailing list that is
>different or hidden o
