Mercurial > p > roundup > code
diff doc/installation.txt @ 3922:586679a314f7
role checking for PGP mail and docs
Erik's suggestion to allow the admin to specify a set of roles to
perform PGP processing on seemed like a reasonable one I implemented
it. There is a new config option to control it.
I also realized that the signature verification had a slight problem:
it was simply checking for a valid, known signature before continuing
on. If another user in the keyring forged mail it was pass the PGP
check and then modify the db as the forged user. I changed the logic
to make sure that the author of the email matches the key of the
verifying signature.
As I was adding the documentation for the PGP processing I noticed
that there were several other new-ish options that didn't appear in
customizing.txt so I added them as well.
| author | Justus Pendleton <jpend@users.sourceforge.net> |
|---|---|
| date | Wed, 26 Sep 2007 03:20:21 +0000 |
| parents | d4163100f4f3 |
| children | 1dab48842cbd |
line wrap: on
line diff
--- a/doc/installation.txt Wed Sep 26 03:07:55 2007 +0000 +++ b/doc/installation.txt Wed Sep 26 03:20:21 2007 +0000 @@ -2,7 +2,7 @@ Installing Roundup ================== -:Version: $Revision: 1.126 $ +:Version: $Revision: 1.127 $ .. contents:: :depth: 2 @@ -81,10 +81,17 @@ proxy through a server with SSL support (e.g. apache) then this is unnecessary. +pyme + If pyme_ is installed you can configure the mail gateway to perform + verification or decryption of incoming OpenPGP MIME messages. When + configured, you can require email to be cryptographically signed + before roundup will allow it to make modifications to issues. + .. _Xapian: http://www.xapian.org/ .. _pytz: http://www.python.org/pypi/pytz .. _Olson tz database: http://www.twinsun.com/tz/tz-link.htm .. _pyopenssl: http://pyopenssl.sourceforge.net +.. _pyme: http://pyme.sourceforge.net Getting Roundup