
On 04/07/2016 01:29 AM, Barry Warsaw wrote:
> On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
>> Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them. Allauth provides Signals that I used to verify the addresses in Mailman.
>
> I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius?
> I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end.

I don't mind the core being able to handle verifications. But I'm pretty sure everyone that offers a web interface for managing mailman will want the ability to confirm emails using http links. I don't see a reason why we should implement that in mailman, if it can easily be added in the front-end. Doing this has one downside in my opinion. Storing the same addresses in several places (which isn't bad per se, as a matter of fact microservices encourage duplicating data and synchronizing it) would need synchronization. Ideally mailman would offer signals for various events that front-ends can hook in to. They would probably be similar to the hyperkitty archiver plugin I guess.
Another thing I believe in is blocking access until an account is confirmed, which really shouldn't depend on mailman. While postorius might be a project that should always have an active connection to the core, and archive doesn't necessarily need it.

> That doesn't necessarily prevent Postorius from doing it, and when used with Persona, we see how nicely that can work. It's also of course possible that any 3rd party front-end will have its own way of verifying email addresses.
> The other thing to think about is that the core already must know how to talk to the outgoing MTA, to provide proper reputation services, signing, etc. I don't know that we want to make site admins have to configure that in two places, and we almost certainly don't want Postorius to send out emails directly.

Sorry but I have to disagree with that. Postorius _has_ to be able to send out mails. In case any server errors occur, django tries to send out emails to administrators defined in the settings. I strongly recommend setting this up for a production system. The mta should take care of the rest (dkim signatures, ...). If you are referring to gpg signing and encryption, there are django apps for that. A quick search revealed https://github.com/stephenmcd/django-email-extras. I haven't tried it, but I don't think it would be that hard to integrate if the core supports them.
There is one more issue that needs to be discussed which is relevant to all templates: Translation. Django has built-in methods to translate and, through the browser's preferred language, can choose one. The core would require associating a language with each user in the settings.
From a usability point of view I would like Postorius to be able to set all templates and not just link to files in mailman. There are a couple of businesses that manage thousands of lists and I guess they would appreciate it if list owners could do this without direct access to the mailman server.