User:Legoktm/Mailman

From mediawiki.org
  • About 500 mailing lists
  • Mailman is the single longest piece of software the Movement has used. It was used by Nupedia and predates MediaWiki.
  • Mailman2 is bad. No mobile support, archives are inflexible (no search), very bad security practices, no real database for storage .
  • Decided to migrate in batches, set up a way for Mailman3 to coexist with Mailman2. Amir aka Ladsgroup kicked off the effort and then I joined him. Lots of volunteers and other staff helped with testing and debugging throughout the process.
  • Discovered a security bug in Mailman2, it was keeping archives for mailing lists that were set to not keep archives (board, legal, lgbt)
  • Then we started migrating, learned that no one had really tested Mailman3 on MariaDB, the database we use. Anyone who had an emoji in their name was rejected. Oops.
  • Discovered a security bug in Mailman3, when migrating private lists, archives would be public until the import finished. Big oops.
  • Worked well with upstream in getting our stuff fixed.
  • WMF funded a security audit last month, team is working on resolving those, the worst has been fixed and was an issue in a dependency.