[tor-project] Tor project's use of Mailman

Jan Jancar johny at neuromancer.sk
Sat Mar 25 13:09:26 UTC 2017



On 03/24/2017 09:10 AM, teor wrote:
> Hi Jan,
> 
>> On 22 Mar 2017, at 01:40, johny <johny at neuromancer.sk> wrote:
>>
>> Hi all,
>> I'm currently working on my GSoC proposal for the GNU Mailman project,
>> which aims to implement encrypted mailing lists. I noticed that Tor
>> project uses Mailman and has a few private lists as well. I think that
>> Tor project's private lists might be a great example that could use such
>> encrypted lists.
> 
> This sounds like a great proposal, but we've just implemented Schleuder.
> 
> Can you tell us how this would be different from Schleuder?

It is indeed a very similar design, with some differences, my Mailman's
encrypted list implementation will:
    1) be integrated into Mailman 3. Which means all features of a
regular Mailman mailing list will be supported. (with some changes to
work with an encrypted mailing list)
    2) keep the original sender's signature when resending to
subscribers, which means a bit less trust in the server is necessary
when the subscribers trust each other's keys. (AFAIK, Schleuder strips
the signature and adds a header saying it was valid/not)
    3) offer a bit more integration with the PGP web-of-trust model.
Where subscribers and mainly the list owner can sign the list key and
send it back to the mailing list server, which will from that point on
send this key with the new signature.

> 
> (Please don't put lines of dashes in the middle of your email. Some people
> use broken mail clients that cut off any text after a line of dashes.)

Sorry about that, will do, or rather won't do that anymore :)

-Jan


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20170325/6e1bde0c/attachment.sig>


More information about the tor-project mailing list