author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-19 15:55:24 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-19 15:55:24 -0300 |
commit | 93af2e3a03f01ec555d49f50230340276e5cf0f2 (patch) | |
tree | 9dd1580aabf1fd58357464fdefcdf1bd0101c4bd | |
parent | 1c00031244f8b6199bf1504222c0fa8c3528fbaf (diff) | |
download | firma-93af2e3a03f01ec555d49f50230340276e5cf0f2.tar.gz firma-93af2e3a03f01ec555d49f50230340276e5cf0f2.tar.bz2 |
More markdown
-rw-r--r-- | index.mdwn | 60 |
1 files changed, 30 insertions, 30 deletions
@@ -40,18 +40,18 @@ cause this has none automation in the process we are looking for. For the first there are some options: -- Schleuder: http://schleuder2.nadir.org/ -- GPG Mailman: http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml -- Crypt-ML - gpg-ezmlm: http://www.synacklabs.net/projects/crypt-ml/ -- Secure Email List Services (SELS): http://sels.ncsa.illinois.edu/ +- [Schleuder](http://schleuder2.nadir.org/) +- [GPG Mailman](http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml) +- [Crypt-ML - gpg-ezmlm](http://www.synacklabs.net/projects/crypt-ml/) +- [Secure Email List Services (SELS)](http://sels.ncsa.illinois.edu/) -For the second option there is the NAH6 Mailman patch, -http://mail.python.org/pipermail/mailman-coders/2003-June/000506.html +For the second option there is the +[NAH6 Mailman patch](http://mail.python.org/pipermail/mailman-coders/2003-June/000506.html). -For the firsts releases of Firma, we choose to use just the first option. -In the future the code should contain support for an one-keypair list, -but this is not the main behavior we want in an encrypted mailing list. -This is a question of centralized versus decentralized vulnerability. +During the initiral Firma releases, we have chosen to use just the first +option. In the future the code should contain support for an one-keypair list, +but this is not the main behavior we want in an encrypted mailing list. This +is a question of centralized versus decentralized vulnerability. An one-keypair list is more or less just like a mail alias: someone send an encrypted email to the list address and the manager just forwards 
@@ -86,7 +86,7 @@ shell scripting language. But bash has many advantages: - Bash is found in almost all unix-like systems - Small dependencies: firma needs just tools like sed, awk, grep, cut and - gpg itself. Look at the file "GUIDELINES" to see a complete list of all + gpg itself. Look at the file [[GUIDELINES]] to see a complete list of all unix commands needed to run firma. - You can easily put all the tools, scripts and config files in a read-only @@ -98,8 +98,8 @@ shell scripting language. But bash has many advantages: - Firma has a total KISS design, and bash helps to keep it simple. -- Firma adopted the style suggested in the Advanced Bash-Scripting Guide, - http://www.tldp.org/LDP/abs/html/scrstyle.html +- Firma adopted the style suggested in the + [Advanced Bash-Scripting Guide](http://www.tldp.org/LDP/abs/html/scrstyle.html). Development Guidelines ---------------------- 
@@ -116,23 +116,23 @@ Note for Debian users: you'll need the "expect" package to run firma. Firma installation is quite simple: -1. Create a folder to store lists; by default firma use /var/lib/firma/lists - but you can use anything, just edit firma and change FIRMA_LIST_PATH +1. Create a folder to store lists; by default firma use `/var/lib/firma/lists` + but you can use anything, just edit firma and change `FIRMA_LIST_PATH` variable. -2. Copy firma script to whatever you like, e.g. /usr/local/bin and check that +2. Copy firma script to whatever you like, e.g. `/usr/local/bin` and check that it has no write permission -3. Create a list-wide config file (default is /var/lib/firma/firma.conf) with +3. Create a list-wide config file (default is `/var/lib/firma/firma.conf`) with the common definitions for all lists. You might just copy the sample firma.conf.dist and edit according to your needs. - All config variables can be overwritten at each list's own config file; - firma.conf should be chmoded as 600, chowned nobody.nobody or whatever - user your MTA runs. If you run postfix, the user is specified by the - main.cf parameter "default_privs". +All config variables can be overwritten at each list's own config file; +firma.conf should be chmoded as `600`, chowned `nobody.nobody` or whatever user +your MTA runs. If you run postfix, the user is specified by the `main.cf` +parameter `default_privs`. - For a list of all config parameters, type +For a list of all config parameters, type firma --help config 
@@ -149,8 +149,8 @@ the following variables: PASSPHRASE= passphrase for the list's private keyring A gpg keypair and a config file are automatically generated; the owner of the -config file and keyring should be nobody.nobody (or the user your MTA run as) -and its permissions must be 600. +config file and keyring should be `nobody.nobody` (or the user your MTA run as) +and its permissions must be `600`. After that you can add some optional parameters on this list config file: @@ -186,12 +186,12 @@ After that you can add some optional parameters on this list config file: your-list: "| /usr/local/bin/firma -p your-list" your-list-request: "| /usr/local/bin/firma -e your-list" - and then run the command +and then run the command newaliases - alternatively, you can use a virtual mailbox table if you want - to easily host a lot of encrypted mailing lists. +alternatively, you can use a virtual mailbox table if you want +to easily host a lot of encrypted mailing lists. 7. Admin tasks are performed through aliases like your-list-request@yourmachine or via command-line: @@ -223,7 +223,7 @@ following commands: and be sure that after this command the list keyring is owned by nobody.nobody. -9. Send encrypted AND signed messages to your-list@yourmachine and look +9. Send encrypted AND signed messages to `your-list@yourmachine` and look what happens :) Tips @@ -231,8 +231,8 @@ Tips - Use an encrypted swap memory - Use a read-only media to store firma and its needed apps -- Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server is shutdown -- Use a big PASSPHRASE, 25+ chars with alpha-numeric and special ascii keys +- Use ramdisk to `FIRMA_LIST_PATH` so all keys and passwords vanishes if the server is shutdown +- Use a big `PASSPHRASE`, 25+ chars with alpha-numeric and special ascii keys Design and features (OUTDATED) ------------------------------ |
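Review bot: In the @@ -40,18 hunk, the rewritten paragraph introduces a typo on the added line "During the initiral Firma releases": "initiral" should be "initial". While the sentence is being touched, "an one-keypair list" on the next added line could become "a one-keypair list".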
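Review bot: In the @@ -86,7 hunk, `[[GUIDELINES]]` is a wikilink, but the diffstat shows only index.mdwn changed, so please confirm that a GUIDELINES page exists in the wiki source. If it lives only as a plain file in the code tree, the link will not resolve to the list of required commands, and the previous wording (the file "GUIDELINES") was more accurate.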
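Review bot: In the @@ -116,23 hunk, the paragraph starting "All config variables can be overwritten" and the line "For a list of all config parameters, type" lose their indentation under step 3, which in Markdown ends the numbered list there, so the later steps become a separate list and may be renumbered depending on the renderer. Keep these continuation lines indented under the item and apply only the backtick changes. The permission guidance (`600`, owned by the user the MTA runs as) is the security-relevant part of this step and should stay visibly attached to it.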
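Review bot: In the @@ -149,8 hunk, the added line still reads "the user your MTA run as"; it should be "runs as". Since the owner is now marked up as a literal, consider writing it as `nobody:nobody`, the colon form that POSIX chown specifies, because the dot form is ambiguous when user names contain dots.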
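Review bot: In the @@ -186,12 hunk, "and then run the command" and "alternatively, you can use a virtual mailbox table" are de-indented out of the step that shows the alias entries, which ends the numbered list right before step 7 in the trailing context. Leave them indented under that step, or, if they are meant to be standalone paragraphs, capitalize "And"/"Alternatively" and check that step 7 still renders with its number.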
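Review bot: In the @@ -223,7 hunk, the context line "the list keyring is owned by nobody.nobody" is left as plain text while this commit backticks the same owner string in the @@ -149,8 hunk and backticks `your-list@yourmachine` two lines below. Mark it up here as well so the ownership requirement for the keyring reads consistently across the page.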
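Review bot: In the @@ -231,8 hunk, the two added Tips lines keep the original grammar problems: "Use ramdisk to `FIRMA_LIST_PATH` so all keys and passwords vanishes if the server is shutdown" would read better as "Use a ramdisk for `FIRMA_LIST_PATH` so all keys and passwords vanish if the server is shut down", and "special ascii keys" should be "special ASCII characters". Both lines are already being rewritten, so this is the place to fix them.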