Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-02-10 Thread Geoff Mayes
It's been a few weeks since the last posting to this thread, but I nonetheless 
wanted to follow up to provide some sort of closure around one organization's 
mailing list migration efforts from Majordomo and to also hopefully provide a 
few interesting tidbits of information to others.

Based in part on the incredible responsiveness and assistance from this thread, 
we have decided to go with Mailman instead of Sympa.

We took a few measures to lock down our instance, including all of the 
following:
- Centralized LDAP authentication via Apache's mod_authnz_ldap 
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html)
- Removed all subscriber password form fields from the UI so that only 
auto-generated passwords are used for subscribers (templates/en/listinfo.html 
and templates/en/options.html)
- Changed the back-end for subscriber passwords too so that a form/CGI password 
can never become the subscriber password (Mailman/Cgi/subscribe.py)
- Removed the auto-generate password option from the "Create a New List" form 
so that users had to choose a password, and then removed the password string 
from the "Your list has been created" emails (templates/en/newlist.txt)
- Change the "Password Reminder" text to "Password Reset" and auto-generate a 
new random password before emailing the subscriber their password 
(Mailman/Cgi/options.py)
- Don't require a Mailman list creator password when creating a new list 
because the site is already locked down via an Apache LDAP module 
(Mailman/Cgi/create.py)

I also wrote an import script from Majordomo into Mailman, thoroughly 
referencing the excellent contrib/majordomo2mailman.pl script written in 2002 
by Heiko that currently lives in the Mailman2 tarball.  I was able to translate 
most Majordomo settings into Mailman.  The script also has a --stats option if 
you just want to get a sense of the distribution of values across all of your 
Majordomo lists.  The script is only on GitHub right now 
(https://github.com/mayesgr/import_majordomo_into_mailman), but I plan to post 
it to Mailman's bug tracker once I'm 100% satisfied with it, in the hopes that, 
if others find it useful, it makes its way into the tarball as well.  If you'd 
like the script improved in any way, please feel free to let me know.  
(Apologies to all pythonistas, myself included: the script started out as 
import_majordomo_into_sympa.pl, which are both written in Perl, and then we 
changed gears when we decided to go with Mailman instead.)

Thanks again to everyone for all of your great information and help,

Geoff Mayes

 -Original Message-
 From: mailman-users-bounces+gmayes=uoregon@python.org
 [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
 Behalf Of Geoff Mayes
 Sent: Thursday, January 19, 2012 10:32 AM
 To: mailman-users@python.org
 Subject: [Mailman-Users] Thoughts about migrating to Mailman instead of
 Sympa (from Majordomo)
 
 Hello Mailman gurus,
 
 I hope a general question about Mailman's features and future direction
 (along with some Sympa comparisons) are appropriate for this list.
 
 The University of Oregon is migrating away from Majordomo.  We decided
 on Sympa because Mailman sends passwords over email while Sympa
 provides centralized (e.g. Shibboleth, LDAP, etc) authentication.  If Mailman
 provided a way around the passwords in the clear issue, I'm pretty sure we'd
 go with Mailman because:
 - Mailman is more thoroughly used and thus tested (one stat that gets at this
 is Alexa Traffic Rank: 165,692 vs 749,729 for Sympa)
 - Mailman is more mature (the max bug ID for mailman in its issue-tracking
 system is ~913,400; the max bug ID for Sympa is 8,117 and there is still no
 bug category for Sympa's latest version -- 6.1.7 -- even though it has been
 out for over 4 months)
 - Mailman has greater branch stability and code reliability (I noticed that
 Barry ran a pre-checkin acceptance suite for the Postgres patch for Mailman 3
 before he checked it in)
 - Mailman has a bright and well-documented future (Mailman 3 and its bug
 tracker, source code, milestones, etc)
 - Mailman has a more active and supportive community, which is very
 important in resolving future issues (Mailman had 150 list postings in
 December and through mid-January while Sympa had 44; I've been
 impressed with Mark Sapiro's responsiveness on this list)
 
 Does anyone know a way around the emailed passwords issue in Mailman,
 clever hacks, certain plugins, or a timeline for Mailman 3's release?  I've
 written a number of Django apps using my own LDAP module, so I was also
 wondering if folks think now is a mature-enough time to perhaps grab
 Mailman 3, its Django front-end, and hack together what I'm after?  A final,
 random question: Mailman 3 is still in alpha, but is it stable given that it's
 almost been in alpha for 4 years?
 
 Many, many thanks for any help, pointers, or information,
 
 Geoff Mayes
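
The subscriber-password measures listed in the 2012-02-10 message above (a form/CGI password can never become the subscriber password, and "Password Reminder" becomes "Password Reset"), sketched as an added example. This is not Mailman's code or the poster's patch: `SubscriberStore`, the form field names, the password length and the salted-hash storage are all assumptions made for the illustration.

```python
# Added illustration, not Mailman code: every name below is hypothetical.
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LENGTH = 16       # assumption: the thread gives no length
PBKDF2_ROUNDS = 100_000    # assumption
# Constructed form field names standing in for the removed password inputs.
PASSWORD_FIELDS = {"pw", "pw-conf"}


def generate_password(length=PASSWORD_LENGTH):
    """Random password from the OS CSPRNG, never derived from user input."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class SubscriberStore:
    """In-memory stand-in for one list's subscriber credentials."""

    def __init__(self):
        self._members = {}  # address -> (salt, digest); no cleartext kept

    @staticmethod
    def _key(address):
        return address.strip().lower()

    def _set_password(self, address, password):
        salt = secrets.token_bytes(16)
        self._members[self._key(address)] = (salt, _digest(password, salt))

    def subscribe(self, address, form_fields):
        """Subscribe an address, discarding any password the request carries.

        Returns (generated_password, names_of_discarded_fields). Even if a
        client posts the removed fields by hand, the value is never stored.
        """
        if self._key(address) in self._members:
            raise ValueError("already subscribed")
        discarded = sorted(k for k in form_fields if k.lower() in PASSWORD_FIELDS)
        password = generate_password()
        self._set_password(address, password)
        return password, discarded

    def reset_password(self, address):
        """Reset instead of remind: overwrite the old value, return the new one.

        Returns None for unknown addresses; the caller should show the same
        response either way so the form does not reveal who is subscribed.
        """
        if self._key(address) not in self._members:
            return None
        password = generate_password()
        self._set_password(address, password)
        return password

    def check(self, address, candidate):
        entry = self._members.get(self._key(address))
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, _digest(candidate, salt))


if __name__ == "__main__":
    store = SubscriberStore()
    # Constructed request: the subscriber tries to reuse a directory password.
    request = {"email": "user@example.org", "pw": "MyDirectoryPassw0rd",
               "pw-conf": "MyDirectoryPassw0rd"}
    first, discarded = store.subscribe(request["email"], request)
    print("discarded fields:", discarded)
    print("form value accepted:", store.check("user@example.org", request["pw"]))
    second = store.reset_password("user@example.org")
    print("old password still valid after reset:",
          store.check("user@example.org", first))
    print("new password valid:", store.check("user@example.org", second))
```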

Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Mailman Admin
On 2012-01-19 19:32, Geoff Mayes wrote:
 
 I hope a general question about Mailman's features and future
 direction (along with some Sympa comparisons) are appropriate for
 this list.
 
 The University of Oregon is migrating away from Majordomo.  We
 decided on Sympa because Mailman sends passwords over email
... 
 Does anyone know a way around the emailed passwords issue in Mailman,
 clever hacks, certain plugins, or a timeline for Mailman 3's release?
 
You can stop the cronjob used to email reminders.
With this you don't email them to the users, but they will still be
saved in clear text in Mailman.

 I've written a number of Django apps using my own LDAP module, so I
 was also wondering if folks think now is a mature-enough time to
 perhaps grab Mailman 3, its Django front-end, and hack together what
 I'm after?
 A final, random question: Mailman 3 is still in alpha, but is it
 stable given that it's almost been in alpha for 4 years?
 

Didn't test it yet, so no comment from me.


Kind regards,
Christian Mack
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Adam McGreggor
On Fri, Jan 20, 2012 at 10:05:20AM +0100, Mailman Admin wrote:
 On 2012-01-19 19:32, Geoff Mayes wrote:
  
  I hope a general question about Mailman's features and future
  direction (along with some Sympa comparisons) are appropriate for
  this list.
  
  The University of Oregon is migrating away from Majordomo. 

Hurrah! ;o)

  We
  decided on Sympa because Mailman sends passwords over email
 ... 
  Does anyone know a way around the emailed passwords issue in Mailman,
  clever hacks, certain plugins, or a timeline for Mailman 3's release?
  
 You can stop the cronjob used to email reminders.

+1

 With this you don't email them to the users, but they will still be
 saved in clear text in Mailman.

Another way could be to make the 'don't use a valuable password' text
more prominent, or enforce some password complexity test.

There is the LDAP extension, YMMV.

  I've written a number of Django apps using my own LDAP module, so I
  was also wondering if folks think now is a mature-enough time to
  perhaps grab Mailman 3, its Django front-end, and hack together what
  I'm after?
  A final, random question: Mailman 3 is still in alpha, but is it
  stable given that it's almost been in alpha for 4 years?

http://mail.python.org/pipermail/mailman-announce/2011-September/000164.html
seems to be the latest update. IIRC, Barry's not on -users, but does
post on -developers.

(There was an update, but I can't quickly find it)

I could be wrong on that, though.


-- 
I try not to get drunk at lunchtime any earlier in the week than
 Thursday.
-- Giles Coren


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Carl Zwanzig

On 1/20/2012 1:05 AM, Mailman Admin wrote:

 On 2012-01-19 19:32, Geoff Mayes wrote:
 Does anyone know a way around the emailed passwords issue in Mailman,
 clever hacks, certain plugins, or a timeline for Mailman 3's release?

 You can stop the cronjob used to email reminders.
 With this you don't email them to the users, but they will still be
 saved in clear text in Mailman.


You can also easily change the code to leave it out of the reminder.

z!


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread C Nulk
On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
 On 1/20/2012 1:05 AM, Mailman Admin wrote:
 On 2012-01-19 19:32, Geoff Mayes wrote:
 Does anyone know a way around the emailed passwords issue in Mailman,
 clever hacks, certain plugins, or a timeline for Mailman 3's release?

 You can stop the cronjob used to email reminders.
 With this you don't email them to the users, but they will still be
 saved in clear text in Mailman.

 You can also easily change the code to leave it out of the reminder.

Or simplest of all, use the option on the General Settings page (under
Notifications) and turn off the monthly reminders.

Chris




Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Geoff Mayes
Thank you everyone for your help and sharing all of this information.  I found 
it very useful and further proof of the active and supportive Mailman community.

It sounds like, to summarize, the Mailman2 branch can lock down its passwords 
by:
1. disabling cron password reminders
2. increasing the warning in the UI about not using valuable passwords

Mailman2 cannot change the following, however, without code changes:
a. storing passwords unencrypted
b. sending password reminder emails to list subscribers who request a reminder 
via the UI (is that right?).

I'm not worried about (a), just trying to be thorough.

Question:
Can list admins request a password reminder email via the UI?  In the UI I see 
that subscribers can but it doesn't look like list admins can.  If that is true 
and a list admin/owner loses their password, does the Mailman site 
administrator have to fetch it for them?  I'm thinking about the extra work 
(however small, as others have pointed out that admins rarely change their 
settings) this will put on our mailman administrator if there are 2k+ lists.

Thanks to all for your prompt and wonderful responses, Geoff Mayes

 -Original Message-
 From: mailman-users-bounces+gmayes=uoregon@python.org
 [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
 Behalf Of C Nulk
 Sent: Friday, January 20, 2012 9:39 AM
 To: mailman-users@python.org
 Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
 of Sympa (from Majordomo)
 
 On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
  On 1/20/2012 1:05 AM, Mailman Admin wrote:
  On 2012-01-19 19:32, Geoff Mayes wrote:
  Does anyone know a way around the emailed passwords issue in
  Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's
 release?
 
  You can stop the cronjob used to email reminders.
  With this you don't email them to the users, but they will still be
  saved in clear text in Mailman.
 
  You can also easily change the code to leave it out of the reminder.
 
 Or simplest of all, use the option on the General Settings page (under
 Notifications) and turn off the monthly reminders.
 
 Chris
 
 


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread C Nulk
On 1/20/2012 10:06 AM, Geoff Mayes wrote:
 Thank you everyone for your help and sharing all of this information.  I 
 found it very useful and further proof of the active and supportive Mailman 
 community.

 It sounds like, to summarize, the Mailman2 branch can lock down its passwords 
 by:
 1. disabling cron password reminders
 2. increasing the warning in the UI about not using valuable passwords

 Mailman2 cannot change the following, however, without code changes:
 a. storing passwords unencrypted
 b. sending password reminder emails to list subscribers who request a 
 reminder via the UI (is that right?).

 I'm not worried about (a), just trying to be thorough.

 Question:
 Can list admins request a password reminder email via the UI?  In the UI I 
 see that subscribers can but it doesn't look like list admins can.  If that 
 is true and a list admin/owner loses their password, does the Mailman site 
 administrator have to fetch it for them?  I'm thinking about the extra work 
 (however small, as others have pointed out that admins rarely change their 
 settings) this will put on our mailman administrator if there are 2k+ lists.

 Thanks to all for your prompt and wonderful responses, Geoff Mayes

I don't believe the List Administrator/owner can have the list admin
password sent to them.  I don't think the site administrator can do it
either.  The only solution is to have the Site Admin change the list
administrator password or if there are multiple list admins, have them
tell the other admins for the list what the password is or change the
password and then let the other know (if any).

But I could be wrong.  We don't have 2+k lists so having the Site Admin
change a list admin password is not a problem.  Then again, since we
started using Mailman, that has happened maybe three or four times.  The
student government moderates their own list for the undergraduate
student population and sometimes they forget to let the incoming
government people know the moderator password.

Chris

 -Original Message-
 From: mailman-users-bounces+gmayes=uoregon@python.org
 [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
 Behalf Of C Nulk
 Sent: Friday, January 20, 2012 9:39 AM
 To: mailman-users@python.org
 Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
 of Sympa (from Majordomo)

 On 1/20/2012 8:48 AM, Carl Zwanzig wrote:
 On 1/20/2012 1:05 AM, Mailman Admin wrote:
 On 2012-01-19 19:32, Geoff Mayes wrote:
 Does anyone know a way around the emailed passwords issue in
 Mailman, clever hacks, certain plugins, or a timeline for Mailman 3's
 release?
 You can stop the cronjob used to email reminders.
 With this you don't email them to the users, but they will still be
 saved in clear text in Mailman.
 You can also easily change the code to leave it out of the reminder.
 Or simplest of all, use the option on the General Settings page (under
 Notifications) and turn off the monthly reminders.

 Chris




Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Barry Warsaw
On Jan 19, 2012, at 06:32 PM, Geoff Mayes wrote:

 Mailman is more mature (the max bug ID for mailman in its issue-tracking
 system is ~913,400; the max bug ID for Sympa is 8,117 and there is still no
 bug category for Sympa's latest version -- 6.1.7 -- even though it has been
 out for over 4 months)

I'm not sure bug numbers are a good indication.  Launchpad has one namespace
for all bugs, so the maximum number reflects bugs reported across all hosted
upstream projects *and* all Ubuntu bugs.

OTOH, Mailman has been around since the mid-90's.  That's good because the key
parts of the code are heavily battle-tested and (IMO) very stable.  It's bad
because some things like the web ui really need a good updating (and this is
going on in the web-ui project for Mailman 3).

 Mailman has greater branch stability and code reliability (I noticed that
 Barry ran a pre-checkin acceptance suite for the Postgres patch for Mailman
 3 before he checked it in)

Yep.  I have a strict testing policy for mm3 code.

 Mailman has a bright and well-documented future (Mailman 3 and its bug
 tracker, source code, milestones, etc)

I think so too!

 Mailman has a more active and supportive community, which is very important
 in resolving future issues (Mailman had 150 list postings in December and
 through mid-January while Sympa had 44; I've been impressed with Mark
 Sapiro's responsiveness on this list)

Mark is *awesome*.

 Does anyone know a way around the emailed passwords issue in Mailman, clever
 hacks, certain plugins, or a timeline for Mailman 3's release?

As I think others have pointed out, individual users can disable password
reminders, list admins can disable them for their lists, and site admins can
disable them for the entire site (by turning off the cron job).

As for mm3 release, well, I think now that I'll be giving a talk at Pycon 2012
on it, I *have* to release it before then!  There are two blockers, that I am
attempting to solve before going into beta.  1) the REST API needs an
authentication/authorization framework; 2) we need some kind of schema
migration approach.  Come on over to mailman-developers@ if you want to
participate.

I know there is at least one site using mm3 in production today.  I have some
patches that need to be applied to improve the API performance, but I'm
confident the core engine is pretty solid.

 I've written a number of Django apps using my own LDAP module, so I was also
 wondering if folks think now is a mature-enough time to perhaps grab Mailman
 3, its Django front-end, and hack together what I'm after?

Yes, I think now is a great time to do that.  The API is fleshed out enough
that you should be able to build a web-ui to communicate with it, or you can
help Florian and Terri drive the official web-ui toward release.

 A final, random question: Mailman 3 is still in alpha, but is it stable given
 that it's almost been in alpha for 4 years?

Nothing can replace actual field testing under real world conditions, but I'm
pretty confident about the core engine.  As I mentioned above, one way or
another it has to go to beta before Pycon. :)

-Barry


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Larry Stone

On Thu, 19 Jan 2012, Geoff Mayes wrote:

 If Mailman 
 provided a way around the passwords in the clear issue, I'm pretty sure 
 we'd go with Mailman ...


My personal opinion is Mailman passwords are so insignificant that it 
really shouldn't be an issue. On the other hand, I recognize that you may 
have direction from above that because it's called a password, it needs 
to be ultra-secure (there are, unfortunately, too many bosses who don't 
understand security and don't understand that different types of systems 
have different security needs). How much damage could be done if a Mailman 
user password was compromised? How much damage could be done if my on-line 
banking password was compromised? The answers are very different yet there 
are many who want them secured in the same way.


I so rarely use a Mailman password that I don't even try to remember it. 
If I need to use it on a Mailman system, I have it send it to me, use it, 
then forget it.


If someone wants to mess up my subscription on a Mailman system, well, go 
ahead. I have far more important things in life to worry about.


Also, consider how many other times passwords are sent in the clear, just 
not in email. A snail mail with a password is also a password sent in the 
clear yet few seem to have a problem with that. Maybe because I practice 
good password management, I am less concerned about an email being snooped 
than I am about snail mail theft or privileged access abuses.


I would not worry about Mailman passwords being sent in the clear and 
instead, urge users to use good password practices. For Mailman, encourage 
them to let Mailman assign a password (and thereby, not reuse a PW). 
Because no matter what you do, people will reuse passwords, use the same 
password for low and high security needs, use easy-to-guess passwords, 
write them down, and other things that just make Mailman's password 
concerns the least of your organization's security concerns.


-- Larry Stone
   lston...@stonejongleux.com


Re: [Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-20 Thread Geoff Mayes
Larry,

I think you closed our security hole!  You're right that someone else getting 
their hands on your mailman password is incredibly minor.  The issue is when 
individuals subscribe to lists using their central LDAP/AD password as their 
Mailman list password.  In that case password interception is a bigger deal.

As you recommend in your paragraph on password best practices, people should 
let Mailman2 auto-generate a password.  And it looks like this can easily be 
enforced by simply removing the "Pick a password" and "Reenter password to 
confirm" fields from the list subscription page.  Mailman will then 
auto-generate all passwords.  Voila!  Unique passwords that only exist in 
Mailman.  (Now if someone chooses to start using their Mailman list password as 
their LDAP password...)   :)

The annoying issue that remains is that Mailman2 cannot be brought under 
centralized authorization and users have yet another password to maintain.  But 
as you and others have pointed out, list owners and list subscribers rarely 
interact with Mailman.  And MM3 is on the horizon...

This is great.  Thanks, Geoff

 -Original Message-
 From: mailman-users-bounces+gmayes=uoregon@python.org
 [mailto:mailman-users-bounces+gmayes=uoregon@python.org] On
 Behalf Of Larry Stone
 Sent: Friday, January 20, 2012 1:18 PM
 To: mailman-users@python.org
 Subject: Re: [Mailman-Users] Thoughts about migrating to Mailman instead
 of Sympa (from Majordomo)
 
 On Thu, 19 Jan 2012, Geoff Mayes wrote:
 
  If Mailman
  provided a way around the passwords in the clear issue, I'm pretty
  sure we'd go with Mailman ...
 
 My personal opinion is Mailman passwords are so insignificant that it really
 shouldn't be an issue. On the other hand, I recognize that you may have
 direction from above that because it's called a password, it needs to be
 ultra-secure (there are, unfortunately, too many bosses who don't
 understand security and don't understand that different types of systems
 have different security needs). How much damage could be done if a
 Mailman user password was compromised? How much damage could be
 done if my on-line banking password was compromised? The answers are
 very different yet there are many who want them secured in the same way.
 
 I so rarely use a Mailman password that I don't even try to remember it.
 If I need to use it on a Mailman system, I have it send it to me, use it, then
 forget it.
 
 If someone wants to mess up my subscription on a Mailman system, well, go
 ahead. I have far more important things in life to worry about.
 
 Also, consider how many other times passwords are sent in the clear, just
 not in email. A snail mail with a password is also a password sent in the
 clear yet few seem to have a problem with that. Maybe because I practice good
 password management, I am less concerned about an email being snooped
 than I am about snail mail theft or privileged access abuses.
 
 I would not worry about Mailman passwords being sent in the clear and
 instead, urge users to use good password practices. For Mailman, encourage
 them to let Mailman assign a password (and thereby, not reuse a PW).
 Because no matter what you do, people will reuse passwords, use the same
 password for low and high security needs, use easy-to-guess passwords,
 write them down, and other things that just make Mailman's password
 concerns the least of your organization's security concerns.
 
 -- Larry Stone
 lston...@stonejongleux.com


[Mailman-Users] Thoughts about migrating to Mailman instead of Sympa (from Majordomo)

2012-01-19 Thread Geoff Mayes
Hello Mailman gurus,

I hope a general question about Mailman's features and future direction (along 
with some Sympa comparisons) are appropriate for this list.

The University of Oregon is migrating away from Majordomo.  We decided on Sympa 
because Mailman sends passwords over email while Sympa provides centralized 
(e.g. Shibboleth, LDAP, etc) authentication.  If Mailman provided a way around 
the passwords in the clear issue, I'm pretty sure we'd go with Mailman because:
- Mailman is more thoroughly used and thus tested (one stat that gets at this 
is Alexa Traffic Rank: 165,692 vs 749,729 for Sympa)
- Mailman is more mature (the max bug ID for mailman in its issue-tracking 
system is ~913,400; the max bug ID for Sympa is 8,117 and there is still no bug 
category for Sympa's latest version -- 6.1.7 -- even though it has been out for 
over 4 months)
- Mailman has greater branch stability and code reliability (I noticed that 
Barry ran a pre-checkin acceptance suite for the Postgres patch for Mailman 3 
before he checked it in)
- Mailman has a bright and well-documented future (Mailman 3 and its bug 
tracker, source code, milestones, etc)
- Mailman has a more active and supportive community, which is very important 
in resolving future issues (Mailman had 150 list postings in December and 
through mid-January while Sympa had 44; I've been impressed with Mark Sapiro's 
responsiveness on this list)

Does anyone know a way around the emailed passwords issue in Mailman, clever 
hacks, certain plugins, or a timeline for Mailman 3's release?  I've written a 
number of Django apps using my own LDAP module, so I was also wondering if 
folks think now is a mature-enough time to perhaps grab Mailman 3, its Django 
front-end, and hack together what I'm after?  A final, random question: Mailman 
3 is still in alpha, but is it stable given that it's almost been in alpha for 
4 years?

Many, many thanks for any help, pointers, or information,

Geoff Mayes