Janko Mivšek escreveu:
> Another measure would be to authenticate e-mail sent to the lists more
> strongly, with signing it with PGP or S/MIME (digital certs). Signed
> emails would be tagged as completely trusted, while others would go to a
> moderation list, or just tagged as untrusted.
>
> This requires additional discipline from us the senders of email of
> course and this is a major drawback of this approach. But it seems we
> will soon be forced to do that otherwise not too hard additional setup
> of our mail clients to support PGP or S/MIME mail signing.
>
> On the server side there is a project underway to upgrade Mailman list
> server (which we are using) to support such authentication:
>
>
> Secure List Server: Mailman, PGP and S/MIME
> http://non-gnu.uvt.nl/mailman-ssls/pgp-smime/talk/mailman-pgp-smime-talk.txt
> The Secure List Server: an OpenPGP and S/MIME aware Mailman
> http://non-gnu.uvt.nl/mailman-pgp-smime/
>
>
> Best regards
> Janko
>
>   
Good evening.

I think that authenticating via PGP/PGP-MIME/S-MIME is useful to avoid
faked mail.

I don't think that this spam that penetrated the list is a real big
problem (unless it becomes frequent). Identification of the source can
be useful to possibly help a member of this list to get rid of a Trojan
or root kit that infected his computer. Besides, I strongly believe that
people must be warned to be careful when forwarding e-mails from one
list to another because if you don't strip headers and embedded email
addresses you create potential risks for the list (since it is not that
difficult to forge emails.

Best regards,

Casimiro


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20090126/2f411ac1/signature.pgp