Mailman has always been about adhering to standards, preferably RFCs, but de facto standards are acceptable when it makes sense. OAUTH submission could make sense, but I'm not in favor of a supporting a proliferation of incompatible hacks. If this is going to be A Thing, then these webmail providers need to get together and agree on some standard.
Well, yeah. They all do SUBMIT. I understand the security issue of submission with a password, but it's the only thing that consistently works.
At least one of the large providers has told me they plan to do OAUTH submission, presumably with long lived tokens, which would greatly mitigate the security issues.
I'm trying to track down what's actually going on here. It's SUBMIT either way, so everything in the code except the way that authorization is sent to the SUBMIT server is the same.
Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.