pgpmoose is a standard by which all valid messages in a moderated Usenet newsgroup are signed with a specific PGP/GPG key. Any message that appears in the group without a valid signature from that key is therefore invalid and assumed to be forged, and should be automatically removed from the newsgroup.
There are currently two mailing lists for pgpmoose-related traffic:
- firstname.lastname@example.org - run by the Big-8 Management Board.
- email@example.com - less maintained, but older members are still present.
With regard to pgpmoose, the primary job of the moderator is to sign all posts that are posted to the group. After that, it is the moderator's responsibility to ensure that the group is being monitored by a pgpmoose administrator, and that news administrators honor the directives of those pgpmoose administrators.
Writing a new Moderation Bot
The easiest way to sign your posts with pgpmoose is to use the sign_pgpmoose() function in News::Article.
STUMP and other old Moderation Bots
If you would like drop-in support for modern pgpmoose checking scripts using GPG, you can download replacement pmcheck scripts here.
The responsibility of the news administrator is simply to honor the proper directives of the pgpmoose administrators. There are three means of doing this automatically: cancels, NoCeMs, or custom on-spool technologies.
The easiest (and least secure) way of following the directives of the pgpmoose moderators is to simply enable third-party cancels on your server. This is risky, as doing so opens up additional forms of cancel attacks. For more information, please see the Cancel Messages FAQ.
A more secure, but harder to configure, method of protecting your moderated groups is NoCeM. As described here:
NoCeM [...] is a protocol enabling authenticated third parties to issue notices which site administrators can use to delete unwanted articles from their news spool, or which end users can use as a 'third-party killfile'. It is intended to eventually replace the protocol for third-party cancel messages. Other kinds of application are also possible.
In this case, NoCeM messages are issued for articles that fail the pgpmoose check.
Tim Skirvin issues and signs NoCeM messages based on pgpmoose signatures for groups that he monitors. If you are interested in following these NoCeM messages, or in signing up to have a group watched, details are here.
There are currently no on-spool software packages to verify pgpmoose signatures. If you are interested in writing one, please contact Tim.
Software to cancel posts and/or issue NoCeMs is available here. Please warn the pgpmoose mailing list if you are moderating a new group!