After long delay we are pleased to announce new version of Shibboleth 2.2.1. Not too much were changed since that but we renewed our work on the project.
This is mainly a maintenance release. It was brought to perl 5.8.x and features one additional command 'update-aliases' which only updates MTA aliases DB without touching anything else.
Recently a new paper "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML" was published by Don Davis (see http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html\)
As our goal for Shibboleth is security and even more security, it was necessary to plug flaws mentioned in the paper. In short, if secure data (PGP in our case) is transferred over insecure media (SMTP), it is possible to substitute outer layer. The cure is: ``when signing and encryption are combined, the inner crypto layer must somehow depend on the outer layer, so as to reveal any tampering with the outer layer''.... read more
A new version of security and privacy aware mailing list has been released.
This is a minor bugfix release, featuring better processing of mail sent to unknown user. Now instead of generating error message to list administrator, it sends a bounce to a message originator.
This fresh new version of Shibboleth is aimed to ease life of local administrators as it lets to do all management work without PGP. And it was implemented without compromissing security.
Bot is able to run in interactive mode and it automatically enters admin mode.
Also some bugs with qmail support were fixed, as well as more work on perl 5.005 compatibility.
Documentation now has full set of admin commands described.
Shibboleth didn't run under perl 5.003 because of syntax enhancements in perl 5.6.0. Now it is fixed.
A bugfix version of Shibboleth 2.0.5 released. Move to sendmail-detail mode revealed more bugs which just prevented Bot to work correctly. Now it is fixed.
This new release of Shibboleth, a security-aware mailing list manager introuduces another step to build really secure and private mailing lists.
Now it is possible to filter any specified MIME section.
Particularly it is very helpful with filtering HTMLed mail which may introduce security vulnerabilities because of possible use of external data such as images. which makes possible to track readers. Shibboleth makes possible for list administrator to remove all specified attachments.... read more
Shibboleth, privacy and security aware mailing list manager
version 2.0.3 has been released.
This is mainly a bugfix release. All lumberjack problems now
resolved and it again is able to do the job -- rotate logs.
Also I started to fix documentation. And although it is still incomplete, but is accurate and at least doesn't tell about outdated things.
As for version number, it is really version 2. We started to work on the project back in 1996, and in 1998 it reached version 2.0a86. By that time it served for a real crowd of people, running simulatenously couple of dozens different mailing lists.... read more
This is Shibboleth. A privacy and security aware mailing list manager, perfect for allowing closed groups to interact on the Internet without interference from outsiders and former insiders.
Current features are: user verification to prevent any forged mailing to list, message digest handling, address standartization, header canonicalization, file serving, header-based passwords, PGP support, remote e-mail based management, lists moderation, message filters as well as many other.... read more
Soon we are going to make next release of Shibboleth.
With this release the project will step to Beta stage.
Finally we released verion 0.0.1 of shibboleth. A secure
mailing list package (see http://shibboleth.sourceforge.net\).
We hope it is a good start and we will develop the package.
We claim curresnt project state as alpha but mainly it is only
because it needs kind of complicated setup and lacks some
documentation. Although it is fully functional and works
just like expected.
Two mailing lists have been established for discussion of Shibboleth. shibboleth-announce is a standard announcement list: very low volume, basically limited to announcements about availability, new versions, etc.
shibboleth-hack is a developers' list for discussion of feature requests, design and implementation issues, etc. Volume on this list will likely be a function of development activity.