
                  Fifth Secure List Server project report

                    Joost van Baal <joostvb@ad1810.com>
                           February 24th, 2010

This report documents work done by the author for the Secure List Server
project, as funded by the NLnet foundation.  It also lists the current plans
for the project.  This document is a follow-up to the Fourth Secure List Server
bi-monthly project report, which was published March 2009.

Here's a condensed overview of the progress made thus far.

 Task                                Planned   Delivered
 (Start project)                     08-07-01  08-06-24
 (Milestone 1)                       08-08-15  08-08-09
 (Milestone 2)                       08-12-15  09-01-06

 Publish third project report        09-01-01  09-01-26
 Write and publish documentation     09-01-15  09-01-12
 Publish fourth project report       09-03-01  09-03-18
 Disseminate results                 09-03-01  09-02-08
 Create a package of SLS             09-03-01  09-09-09
 (Milestone 3)                       09-03-01  09-09-09

Releases of the patch have been shipped on 09-04-02, 09-07-18 and 09-09-05 (all
for upstream release 2.1.12).

A Debian package for the patch has been shipped on 09-04-02
(2.1.12-1+pgpsmime1) and 09-09-06 (2.1.12-2+pgpsmime1).

An RPM package (for Fedora Core 11) for the patch was shipped on 09-09-09
(2.1.12-4+pgpsmime1.fc11).

The final audit report mentioned the lax checking of multipart/signed messages.
This has been fixed.  Furthermore, it suggested to reduce the number of
configuration options available to the list administrator.  I'll work on this.

The current plan is:
                                     Planned
 Act upon auditors final report      10-03-18
 Try get SLS shipped w/ distros      10-03-29
 Fifth and final project report      10-03-29
 (Milestone 4)                       10-03-29

Originally, completion of Milestone 4 was planned for April 15, 2009.

Next to the listed tasks, I'll port the patch to upstream mailman 2.1.13
(released 09-12-22).  Furthermore, I'll update the RPM and .deb packages to
this new upstream release.

I'll contact Mailman developer Barry Warsaw and ask him to perform his review
he has offered via the Mailman Developers list.

I'll contact responsible parties and try to get SLS shipped with Debian, Ubuntu
and an RPM-based distribution (like Fedora) as well as the Sabayon and
Smallsister projects.


