I spent a while yesterday thinking over the software projects that I'm currently interested in. It is a reasonably short list.
At the time I just looked over the packages that I've got installed and the number of bugs. I'm a little disappointed to see that the bugfixes that I applied to GNU screen have been mostly ignored.
Still I have the day off work on Thursday and Friday this week and would probbly spend it releasing the pending advisories I've got in my queue, and then fixing N bugs in a single package.
The alternative is to build a quick GPG-based mailing list manager.
I'd like a simple system which allowed users to subscribe, and only accepted GPG-signed mails. The subscriber could choose to receive their messages either signed (as-is) by the submitter or encrypted to them.
So to join you'd do something like this:
subscribe [email protected] [encrypted] --BEGIN PUBLIC KEY -- ... --ND PUBLIC KEY--
There is the risk, with a large enough number of users, that a list could DOS the host if it had to encrypt each message to each subscribers. But if the submissions were validated as being signed by a user with a known key it should be minimal, unless there is a lot of traffic.
The cases are simple:
- foo-subscribe => Add the user to the list, assuming valid key data found
- foo-unsubscribe => Do the reverse.
- foo:
- If the message is signed accept and either mail to each recipient, or encrypt on a per-recipient basis.
- If the message is not signed, or signed by a non-subscriber drop it.
There are some random hacks out there for this, including a mailman patch (did I mention how much I detest mailman yet today?) but nothing recent.
Tags: development, software, todo 1 comment
there are some encrypted mailing lists in the wild, for example the internal mailing list of entropia (http://entropia.de/), in case you want to discuss your setup with them.
Greetings, Joachim