Abhilash Raj writes:
90% of the time is spent trying to encrypt user passwords, for each of the imported member. Well, duh, encryption is an expensive operation and when you do that once per-imported member, it is definitely going to be slow.
Why are we storing unencrypted passwords at all? Passwords are pretty low-security in any case, but this is asking for trouble.
Although, another interesting fact is the user passwords are kind of useless in Mailman 3. In Mailman 2 you had to setup a password or one was auto-generated for you per-list and you needed that to login to the web ui. However, in Mailman 3, the passwords (in Core's database) aren't used for logging in since Web Frontend stores the authentication tokens (social auth or passwords). In fact, the users who sign up first time on Mailman 3 probably don't ever have a password set in Mailman Core's database.
I'll trust you on that. Although it suggests the question, if nobody has a password, why does it take so much time to encrypt no passwords?
So, I commented out the code that actually imports the password(src/mailman/utilities/importer.py#L663-664)
I'm happy with this. This is a major breaking change *if* anyone is using core passwords which they probably aren't, but it deserves flashing lights and sirens in the release announcements.
Steve
-- Associate Professor Division of Policy and Planning Science http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information Email: turnbull@sk.tsukuba.ac.jp University of Tsukuba Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN