-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 23, 2009, at 9:47 AM, Patrick Ben Koetter wrote:
I think it makes sense to simplify the interface and have only one
login page,
but ...
Subscribers need to provide their mail address (authentication
identity) and
their password. Admin and moderators currently don't have to.
This is broken, for many reasons. It's this way because MM2 doesn't
have a notion of roles, so "admin" and "moderator" is defined solely
because you know a password. This password is shared among all people
sharing that role, which is another reason why this is broken.
Ideally, (in MM3) Mailman would have accounts, which would be separate
from but linked with the email addresses it manages for lists and
such. It should be separate in the sense that authentication
information may come from external systems, e.g. your content
management user accounts, or Launchpad, or OpenID, etc.
If we had only one login page, would that require admin and
moderators to
provide an authentication identity too and not only their password?
(At the
moment I believe this would be a benefit. One could have more than
one admin
without having them share one password.)
Would that break any upgrade compatibility for none MM3 lists?
Let's worry only about MM3 lists here. We'll have to deal with
upgrading/importing from MM2 at some point, but if possibly I'd like
to not compromise the MM3 design with worrying about importing from MM2.
Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAknHl/EACgkQ2YZpQepbvXG7qwCgqfdB0eGVgWol0NcDqUoxpN3p
t9MAnRRCLi08H6t5wEPQtWFw5iG9B5TV
=L3oK
-----END PGP SIGNATURE-----
_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
