On 5 October 2016 at 16:59, Sam Ruby <ru...@intertwingly.net> wrote: > While lists.apache.org is better in so many ways than what it replaced, a > pain point for me has been authentication: in particular, following a link > to see nothing there. Sometimes it reminds me that logging in would help, > and with a number of mouse clicks I can do that, but it doesn't always. > > At the present time, ponymail supports two authentication methods: Apache > OATH (backed by LDAP) and Mozilla Persona. > > In about seven weeks, Mozilla Persona will go away: > > https://bugzilla.mozilla.org/page.cgi?id=persona_deprecated.html > > My preference would be to replace OATH with standard HTTP basic > authentication. The issue being that this service shouldn't require > authentication for simple browsing of public lists.
It does not require auth for public mails. For example: https://lists.apache.org/list.html?d...@ponymail.apache.org Nor does it require auth for lists that have mixed public and private mails; only the private mails require auth. However such lists are not displayed currently (this is a server config item) For example: https://lists.apache.org/list.html?site-...@apache.org:2014-8 It was in this month that the list was made public. The list does not appear in the directory. > Perhaps the split could be http: URLs don't require/support authentication, > and https: URLs do? > > - Sam Ruby > >