Add config-option "nosy" to messages_to_author setting in [nosy] section

[roundup.git] / roundup / configuration.py

diff --git a/roundup/configuration.py b/roundup/configuration.py
index b145e96ecc1d77ba77963ed80496786348174496..f7ae9d7743605ea10d08d91655c7b20e357b0355 100644 (file)
--- a/roundup/configuration.py
+++ b/roundup/configuration.py
@@ -537,6 +537,22 @@ SETTINGS = (
             "starting with python 2.5. Set this to a higher value if you\n"
             "get the error 'Error: field larger than field limit' during\n"
             "import."),
+        (IntegerNumberOption, 'password_pbkdf2_default_rounds', '10000',
+            "Sets the default number of rounds used when encoding passwords\n"
+            "using the PBKDF2 scheme. Set this to a higher value on faster\n"
+            "systems which want more security.\n"
+            "PBKDF2 (Password-Based Key Derivation Function) is a\n"
+            "password hashing mechanism that derives hash from the\n"
+            "password and a random salt. For authentication this process\n"
+            "is repeated with the same salt as in the stored hash.\n"
+            "If both hashes match, the authentication succeeds.\n"
+            "PBKDF2 supports a variable 'rounds' parameter which varies\n"
+            "the time-cost of calculating the hash - doubling the number\n"
+            "of rounds doubles the cpu time required to calculate it. The\n"
+            "purpose of this is to periodically adjust the rounds as CPUs\n"
+            "become faster. The currently enforced minimum number of\n"
+            "rounds is 1000.\n"
+            "See: http://en.wikipedia.org/wiki/PBKDF2 and RFC2898"),
     )),
     ("tracker", (
         (Option, "name", "Roundup issue tracker",
@@ -579,6 +595,10 @@ SETTINGS = (
             "Setting this option makes Roundup display error tracebacks\n"
             "in the user's browser rather than emailing them to the\n"
             "tracker admin."),
+        (BooleanOption, "migrate_passwords", "yes",
+            "Setting this option makes Roundup migrate passwords with\n"
+            "an insecure password-scheme to a more secure scheme\n"
+            "when the user logs in via the web-interface."),
     )),
     ("rdbms", (
         (Option, 'name', 'roundup',
@@ -610,6 +630,12 @@ SETTINGS = (
             "Only used in SQLite connections."),
         (IntegerNumberOption, 'cache_size', '100',
             "Size of the node cache (in elements)"),
+        (BooleanOption, "allow_create", "yes",
+            "Setting this option to 'no' protects the database against table creations."),
+        (BooleanOption, "allow_alter", "yes",
+            "Setting this option to 'no' protects the database against table alterations."),
+        (BooleanOption, "allow_drop", "yes",
+            "Setting this option to 'no' protects the database against table drops."),
         (NullableOption, 'template', '',
             "Name of the PostgreSQL template for database creation.\n"
             "For database creation the template used has to match\n"
@@ -773,18 +799,44 @@ SETTINGS = (
     ), "Roundup Mail Gateway options"),
     ("pgp", (
         (BooleanOption, "enable", "no",
-            "Enable PGP processing. Requires pyme."),
+            "Enable PGP processing. Requires pyme. If you're planning\n"
+            "to send encrypted PGP mail to the tracker, you should also\n"
+            "enable the encrypt-option below, otherwise mail received\n"
+            "encrypted might be sent unencrypted to another user."),
         (NullableOption, "roles", "",
             "If specified, a comma-separated list of roles to perform\n"
             "PGP processing on. If not specified, it happens for all\n"
-            "users."),
+            "users. Note that received PGP messages (signed and/or\n"
+            "encrypted) will be processed with PGP even if the user\n"
+            "doesn't have one of the PGP roles, you can use this to make\n"
+            "PGP processing completely optional by defining a role here\n"
+            "and not assigning any users to that role."),
         (NullableOption, "homedir", "",
             "Location of PGP directory. Defaults to $HOME/.gnupg if\n"
             "not specified."),
+        (BooleanOption, "encrypt", "no",
+            "Enable PGP encryption. All outgoing mails are encrypted.\n"
+            "This requires that keys for all users (with one of the gpg\n"
+            "roles above or all users if empty) are available. Note that\n"
+            "it makes sense to educate users to also send mails encrypted\n"
+            "to the tracker, to enforce this, set 'require_incoming'\n"
+            "option below (but see the note)."),
+        (Option, "require_incoming", "signed",
+            "Require that pgp messages received by roundup are either\n"
+            "'signed', 'encrypted' or 'both'. If encryption is required\n"
+            "we do not return the message (in clear) to the user but just\n"
+            "send an informational message that the message was rejected.\n"
+            "Note that this still presents known-plaintext to an attacker\n"
+            "when the users sends the mail a second time with encryption\n"
+            "turned on."),
     ), "OpenPGP mail processing options"),
     ("nosy", (
-        (RunDetectorOption, "messages_to_author", "no",
-            "Send nosy messages to the author of the message.",
+        (Option, "messages_to_author", "no",
+            "Send nosy messages to the author of the message.\n"
+            "Allowed values: yes, no, new, nosy -- if yes, messages\n"
+            "are sent to the author even if not on the nosy list, same\n"
+            "for new (but only for new messages). When set to nosy,\n"
+            "the nosy list controls sending messages to the author.",
             ["MESSAGES_TO_AUTHOR"]),
         (Option, "signature_position", "bottom",
             "Where to place the email signature.\n"