Developers of Sympa

[Serge Aumont <address@concealed>]

Hi Sympa guys

The next major version of Sympa will be version 6.0. We plan to include 
some significant changes in it, that's why we gave up the idea of Sympa 
5.5. We should add significant pieces of code during the summer and make 
it a stable version by the end of 2008 hopefuly.  We've already done 
some work on this code branch :

Latest work :  email challenge now includes a URL using a random ticket. 
These URLs can be used to create authenticated Sympa session to the 
appropriate sympa context without requiring users to login with their 
email and password. It is used for example when notifying a list owner 
that a message or a subscription request is pending.  Tickets expire 
after a few days and can used only ones. Tickets are also used for 
"first login" and the "password lost" processes : password are stored as 
finger prints to remove the security issue of password reminder. You can 
test it on http://demo.sympa.org/sympa ; you will see that now passwords 
can't be reminded anymore, but reset instead.

Internal documentation about one_time_ticket : 
http://www.sympa.org/internals/internals-auth

We'll try to keep you informed of new developments more regularly and we 
hope to get some  feedback from you.


Serge Aumont