As the GSoC 2017 final evaluation period just ended, my final work product is finally submitted. This post is a summary of my final work product.
- Plugin for Mailman Core.
- Enables creating a PGP mailing list, which has a list key, can receive and serve messages encrypted, can sign and receive signed messages from subscribers.
- Creates the key email command, which is used for per-address user key management.
- Subscription to a PGP enabled mailing list requires the subscribing address to send and confirm an address public key, which the moderator must verify.
- Somewhat confirms the user has possession of the appropriate private key to the one sent on subscription.
- Has per-list settings for encryption/signatures/what to do with non encrypted / non signed messages, etc.
- Optionally exposes a REST API for list configuration.
- Has local archivers which can store the messages encrypted by the list key.
- Stores list and address keys in configurable key directories.
- Requires (some not merged) MRs in Mailman Core:
- Additional MR (not required):
- Required branches are merged and maintained at J08nY/mailman/plugin.
- To install, do pip install mailman-pgp. Warning: it will pull in a development version of Mailman Core and PGPy.
- A Django app, uses django-mailman3 and mailmanclient, integrates well with Postorius and HyperKitty.
- Provides management of PGP enabled mailing lists to the list owner, and of PGP related subscription settings to the subscriber.
- Requires (currently not merged) MRs in mailmanclient, django-mailman3, Postorius and HyperKitty:
- A plugin for Mailman Core that turned out to be unnecessary for the working of django-pgpmailman, but implemented a similar feature as this MR.
- This plugin sends the events (and some information about them) from Mailman Core to a list of configurable endpoints using JSON in HTTP POST requests.
- mailmanclient/split-sources, merged
- Many many PRs to PGPy, a Python only implementation of OpenPGP. 19 PRs and counting. As PGPy was not and still is not feature complete in regards to RFC4880, I found out many times that its missing features/bugs broke mailman-pgp CI. It would not make sense fixing them locally, both from a software design perspective and an open source software one as well.
I think I met almost all goals that the project idea required and my original proposal stated, with the noteworthy exception of remote archiving to HyperKitty which I just couldn’t find a way to integrate.