Fifth Secure List Server project report Joost van Baal February 24th, 2010 This report documents work done by the author for the Secure List Server project, as funded by the NLnet foundation. It also lists the current plans for the project. This document is a follow-up to the Fourth Secure List Server bi-monthly project report, which was published March 2009. Here's a condensed overview of the progress made thus far. Task Planned Delivered (Start project) 08-07-01 08-06-24 (Milestone 1) 08-08-15 08-08-09 (Milestone 2) 08-12-15 09-01-06 Publish third project report 09-01-01 09-01-26 Write and publish documentation 09-01-15 09-01-12 Publish fourth project report 09-03-01 09-03-18 Disseminate results 09-03-01 09-02-08 Create a package of SLS 09-03-01 09-09-09 (Milestone 3) 09-03-01 09-09-09 Releases of the patch have been shipped on 09-04-02, 09-07-18 and 09-09-05 (all for upstream release 2.1.12). A Debian package for the patch has been shipped on 09-04-02 (2.1.12-1+pgpsmime1) and 09-09-06 (2.1.12-2+pgpsmime1). An RPM package (for Fedora Core 11) for the patch was shipped on 09-09-09 (2.1.12-4+pgpsmime1.fc11). The final audit report mentioned the lax checking of multipart/signed messages. This has been fixed. Furthermore, it suggested to reduce the number of configuration options available to the list administrator. I'll work on this. The current plan is: Planned Act upon auditors final report 10-03-18 Try get SLS shipped w/ distros 10-03-29 Fifth and final project report 10-03-29 (Milestone 4) 10-03-29 Originally, completion of Milestone 4 was planned for April 15, 2009. Next to the listed tasks, I'll port the patch to upstream mailman 2.1.13 (released 09-12-22). Furthermore, I'll update the RPM and .deb packages to this new upstream release. I'll contact Mailman developer Barry Warsaw and ask him to perform his review he has offered via the Mailman Developers list. I'll contact responsible parties and try to get SLS shipped with Debian, Ubuntu and an RPM-based distribution (like Fedora) as well as the Sabayon and Smallsister projects.