
Is there any reason why there need to be two login screens? One for regular users and another one for moderatores/admin?
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 23, 2009, at 9:25 AM, Patrick Ben Koetter wrote:
Is there any reason why there need to be two login screens? One for regular users and another one for moderatores/admin?
No. Well, no /good/ reason. Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAknHjfQACgkQ2YZpQepbvXEyHACfVyyCHbatJyDv14iRCtVIzGOB zXQAn0V4D3belLBFitwvrlhdRTqq9HI2 =LWOA -----END PGP SIGNATURE-----

- Barry Warsaw <barry@list.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 23, 2009, at 9:25 AM, Patrick Ben Koetter wrote:
Is there any reason why there need to be two login screens? One for regular users and another one for moderatores/admin?
I think it makes sense to simplify the interface and have only one login page, but ...
Subscribers need to provide their mail address (authentication identity) and their password. Admin and moderators currently don't have to.
If we had only one login page, would that require admin and moderators to provide an authentication identity too and not only their password? (At the moment I believe this would be a benefit. One could have more than one admin without having them share one password.)
Would that break any upgrade compatibility for none MM3 lists?
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 23, 2009, at 9:47 AM, Patrick Ben Koetter wrote:
I think it makes sense to simplify the interface and have only one
login page, but ...Subscribers need to provide their mail address (authentication
identity) and their password. Admin and moderators currently don't have to.
This is broken, for many reasons. It's this way because MM2 doesn't
have a notion of roles, so "admin" and "moderator" is defined solely
because you know a password. This password is shared among all people
sharing that role, which is another reason why this is broken.
Ideally, (in MM3) Mailman would have accounts, which would be separate
from but linked with the email addresses it manages for lists and
such. It should be separate in the sense that authentication
information may come from external systems, e.g. your content
management user accounts, or Launchpad, or OpenID, etc.
If we had only one login page, would that require admin and
moderators to provide an authentication identity too and not only their password?
(At the moment I believe this would be a benefit. One could have more than
one admin without having them share one password.)Would that break any upgrade compatibility for none MM3 lists?
Let's worry only about MM3 lists here. We'll have to deal with
upgrading/importing from MM2 at some point, but if possibly I'd like
to not compromise the MM3 design with worrying about importing from MM2.
Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAknHl/EACgkQ2YZpQepbvXG7qwCgqfdB0eGVgWol0NcDqUoxpN3p t9MAnRRCLi08H6t5wEPQtWFw5iG9B5TV =L3oK -----END PGP SIGNATURE-----

- Barry Warsaw <barry@list.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 23, 2009, at 9:47 AM, Patrick Ben Koetter wrote:
I think it makes sense to simplify the interface and have only one
login page, but ...Subscribers need to provide their mail address (authentication
identity) and their password. Admin and moderators currently don't have to.This is broken, for many reasons. It's this way because MM2 doesn't
have a notion of roles, so "admin" and "moderator" is defined solely
because you know a password. This password is shared among all people
sharing that role, which is another reason why this is broken.
Agreed.
Ideally, (in MM3) Mailman would have accounts, which would be separate
from but linked with the email addresses it manages for lists and such.
It should be separate in the sense that authentication information may come from external systems, e.g. your content management user accounts, or Launchpad, or OpenID, etc.
Yes, I think a role model is a good idea and using external services is IMO a good idea too.
If we had only one login page, would that require admin and moderators to provide an authentication identity too and not only their password? (At the moment I believe this would be a benefit. One could have more than one admin without having them share one password.)
Would that break any upgrade compatibility for none MM3 lists?
Let's worry only about MM3 lists here. We'll have to deal with
upgrading/importing from MM2 at some point, but if possibly I'd like to not compromise the MM3 design with worrying about importing from MM2.
Fine. I will work with a unified login model then.
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
participants (2)
-
Barry Warsaw
-
Patrick Ben Koetter