Hi,

We have been using the Approved header as a way to automatically approve
commit logs to a read-only mailinglist. We recently moved our
infrastructure to github and I wrote a patch to the github Email service
hook to add an Approved header.

https://github.com/github/github-services/pull/84

Now the problem of course is that this secret currently is either the list
admin or the list moderator password, which is far from secure. Especially
if the mails are not created on the mailman list server.

So I would propose to allow to set a separate secret used for approved
messages. If compromised, it's easy to change that secret on both sides.

Is this acceptable ?

Thanks in advance
--
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]


  • Dag Wieers at Apr 20, 2011 at 1:44 pm

    On Thu, 14 Apr 2011, Dag Wieers wrote:

    > We have been using the Approved header as a way to automatically approve
    > commit logs to a read-only mailinglist. We recently moved our infrastructure
    > to github and I wrote a patch to the github Email service hook to add an
    > Approved header.
    >
    > https://github.com/github/github-services/pull/84
    >
    > Now the problem of course is that this secret currently is either the list
    > admin or the list moderator password, which is far from secure. Especially if
    > the mails are not created on the mailman list server.
    >
    > So I would propose to allow to set a separate secret used for approved
    > messages. If compromised, it's easy to change that secret on both sides.
    >
    > Is this acceptable ?

    I received no feedback on this. Shall I open a ticket for this, or is this
    not considered valuable ?

    --
    -- dag wieers, dag at wieers.com, http://dag.wieers.com/
    -- dagit linux solutions, info at dagit.net, http://dagit.net/

    [Any errors in spelling, tact or fact are transmission errors]
  • Mark Sapiro at Apr 20, 2011 at 2:54 pm

    Dag Wieers wrote:

    > On Thu, 14 Apr 2011, Dag Wieers wrote:
    >
    >> We have been using the Approved header as a way to automatically approve
    >> commit logs to a read-only mailinglist. We recently moved our infrastructure
    >> to github and I wrote a patch to the github Email service hook to add an
    >> Approved header.
    >>
    >> https://github.com/github/github-services/pull/84
    >>
    >> Now the problem of course is that this secret currently is either the list
    >> admin or the list moderator password, which is far from secure. Especially if
    >> the mails are not created on the mailman list server.
    >>
    >> So I would propose to allow to set a separate secret used for approved
    >> messages. If compromised, it's easy to change that secret on both sides.
    >>
    >> Is this acceptable ?
    >
    > I received no feedback on this. Shall I open a ticket for this, or is this
    > not considered valuable ?

    Sorry for not responding sooner. I do think it is a good idea. Although
    many lists do not need separate admins and moderators and could thus
    use the moderator password in this way, I think a separate 'posters'
    password would be a valuable change.

    The problem is Mailman 2.1 is supposed to be feature frozen, and this
    is a rather extensive change involving the web GUI to set the
    password, and list migration changes to ensure that list objects have
    the poster password attribute. We can certainly consider this for MM3.

    Please open a tracker item at
    <https://bugs.launchpad.net/mailman/+filebug>, and I'll see what I can
    do.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Mark Sapiro at Apr 26, 2011 at 1:40 am
    I have created a tracker item at
    <https://bugs.launchpad.net/mailman/+bug/770581> for this and
    implemented it for Mailman 2.1.15.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Dag Wieers at Apr 27, 2011 at 10:50 pm

    On Mon, 25 Apr 2011, Mark Sapiro wrote:

    > I have created a tracker item at
    > <https://bugs.launchpad.net/mailman/+bug/770581> for this and
    > implemented it for Mailman 2.1.15.

    Hi Mark,

    It's nice to return from a prolonged weekend to find this in the mailbox
    :) Thanks a lot !

    PS I broke the news on github as well for future reference:
    https://github.com/github/github-services/pull/84

    Kind regards,
    --
    -- dag wieers, dag at wieers.com, http://dag.wieers.com/
    -- dagit linux solutions, info at dagit.net, http://dagit.net/

    [Any errors in spelling, tact or fact are transmission errors]
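
The separation discussed in this thread, as an added example that is not part of the original posts and is not Mailman's own code: a posting-only secret is checked against the `Approved` header, the header is removed before the message goes any further, and rotating that secret leaves the admin and moderator passwords untouched. The role names, secret values, sample message and function names are constructed for illustration.

```python
import hmac
from email import message_from_string

# Hypothetical per-list secrets (constructed values, not real credentials).
LIST_SECRETS = {
    "admin": "admin-pw-constructed",
    "moderator": "moderator-pw-constructed",
    "poster": "poster-pw-constructed",
}

# Constructed sample of a commit mail generated off the list server.
SAMPLE = (
    "From: hook@example.org\n"
    "To: commits@example.org\n"
    "Subject: [repo] commit 1234\n"
    "Approved: poster-pw-constructed\n"
    "\n"
    "commit log body\n"
)

def check_approved(raw_message, secrets):
    """Return (role, message); role is None when the header does not match."""
    msg = message_from_string(raw_message)
    candidate = (msg.get("Approved") or "").strip().encode("utf-8")
    # Always drop the header so the secret is never redistributed or archived.
    del msg["Approved"]
    role = None
    if candidate:
        # Least-privileged role first: a match on the posting secret grants
        # nothing beyond approval of this one message.
        for name in ("poster", "moderator", "admin"):
            # Constant-time comparison avoids leaking the secret via timing.
            if hmac.compare_digest(candidate, secrets[name].encode("utf-8")):
                role = name
                break
    return role, msg

def rotate_poster_secret(secrets, new_value):
    """Replace only the posting secret; admin/moderator stay as they were."""
    updated = dict(secrets)
    updated["poster"] = new_value
    return updated

if __name__ == "__main__":
    role, msg = check_approved(SAMPLE, LIST_SECRETS)
    print(role, "Approved" in msg)
    rotated = rotate_poster_secret(LIST_SECRETS, "new-poster-pw-constructed")
    print(check_approved(SAMPLE, rotated)[0])
```
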

Discussion Overview
group: mailman-users
categories: python
posted: Apr 14, '11 at 1:38p
active: Apr 27, '11 at 10:50p
posts: 5
users: 2
website: list.org