On 04/07/2016 01:29 AM, Barry Warsaw wrote: > On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote: > >> Short version: it supports both external (social) and internal (django) auth >> systems and offers options to combine/switch between them . Allauth provides >> Signals that I used to verify the addresses in Mailman. > > I think we have to decide how and where addresses will be verified. Are they > going to be via confirmations emailed by core or via Postorius? > > I think the core has to support emailed confirmation messages because > Postorius is technically an optional component. So if a site were to build > their own REST front-end, they'd at least want to allow the core to handle > email verifications without having to build that into their front-end. I don't mind the core being able to handle verfications. But I'm pretty sure everyone that offers a web interface for managing mailman will want the ability to confirm emails using http links. I don't see a reason why we should implement that in mailman, if it can easily be added in the front-end. Doing this has one downside in my opinion. Storing the same addresses in several places (which isn't bad perse, as a matter of fact microservices encourage duplicating data and synchronizing it) would need synchronization. Ideally mailman would offer signals for various events that front-ends can hook in to. They would probably be similar to the hyperkitty archiver plugin I guess.
Another thing I believe in is blocking access until an account is confirmed, which really shouldn't depend on mailman. While postorius might be a project that should always have an active connection to the core, and archive doesn't necessarily need it. > > That doesn't necessarily prevent Postorius from doing it, and when used with > Persona, we see how nicely that can work. It's also of course possible that > any 3rd party front-end will have its own way of verifying email addresses. > > The other thing to think about is that the core already must know how to talk > to the outgoing MTA, to provide proper reputation services, signing, etc. I > don't know that we want to make site admins have to configure that in two > places, and we almost certainly don't want Postorius to send out emails > directly. Sorry but I have to disagree with that. Postorius _has_ to be able to send out mails. In case any server errors occur, django tries to send out emails to administrators defined in the settings. I strongly recommend setting this up for a production system. The mta should take care of the rest (dkim signatures, ...). If you are referring to gpg signing and encryption, there are django apps for that. A quick search revealed https://github.com/stephenmcd/django-email-extras I haven't tried it, but I don't think it would be that hard to integrate if the core supports them. There is one more issue that needs to be discussed which is relevant to all templates: Translation. Django has builtin methods to translate and through the browser's preferred language can choose one. The core would require associating a language with each user in the settings. >From a usability point of view I would like Postorius to be able to set all >templates and not just link to files in mailman. There are a couple of businesses that manage thousands of lists and I guess they would appreciate it if list owners could do this without direct access to the mailman server. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
