[Mailman-Developers] Architecture for extra profile info

[Barry Warsaw]

My main suggestion for now is to be very careful and not over-engineer the
user database component.  Provide something minimal that fits the bill and has
a minimum of security, e.g. basic-auth over localhost, and possibly https.

For now, I think it would be fine as a Django app if that makes things easier,
but also remember how much pain we had at the sprint trying to get Postorius
and HyperKitty deployed together (how's that coming by the way?).

OTOH, do the easiest thing that will allow our GSoC students to succeed but
that doesn't box us in later.  E.g. providing a REST API makes sense, and it's
okay if there aren't fancy UI to change the schema (unless it's easy using
Django).

Eventually OAuth is a good idea and I'm not aware of anything else that fits
the bill as well, for authenticated scripting of REST APIs.  But we probably
don't need it for now.

One important requirement is that for any data that is kept in both the core
and the user database, we must have a way of keeping them in sync.  The
easiest way of doing that I think is to allow two way communication between
them so that if data changes in the core (e.g. an address gets verified by
reply instead of link-click), the core can inform the user database of this
event.  Eventually, we can think about how the core would just share that
information or delegate to the user database, but for now, and for the GSoC
students, it's probably overkill.

-Barry