[Mailman-Developers] Web Interface: Login

Barry Warsaw barry at list.org
Mon Mar 23 15:08:49 CET 2009

Hash: SHA1

On Mar 23, 2009, at 9:47 AM, Patrick Ben Koetter wrote:

> I think it makes sense to simplify the interface and have only one  
> login page,
> but ...
> Subscribers need to provide their mail address (authentication  
> identity) and
> their password. Admin and moderators currently don't have to.

This is broken, for many reasons.  It's this way because MM2 doesn't  
have a notion of roles, so "admin" and "moderator" is defined solely  
because you know a password.  This password is shared among all people  
sharing that role, which is another reason why this is broken.

Ideally, (in MM3) Mailman would have accounts, which would be separate  
from but linked with the email addresses it manages for lists and  
such.  It should be separate in the sense that authentication  
information may come from external systems, e.g. your content  
management user accounts, or Launchpad, or OpenID, etc.

> If we had only one login page, would that require admin and  
> moderators to
> provide an authentication identity too and not only their password?  
> (At the
> moment I believe this would be a benefit. One could have more than  
> one admin
> without having them share one password.)
> Would that break any upgrade compatibility for none MM3 lists?

Let's worry only about MM3 lists here.  We'll have to deal with  
upgrading/importing from MM2 at some point, but if possibly I'd like  
to not compromise the MM3 design with worrying about importing from MM2.


Version: GnuPG v1.4.9 (Darwin)


More information about the Mailman-Developers mailing list