• Leigh B. Stoller's avatar
    The bulk of the mailman support. Still not turned on by default (cause · a64593f3
    Leigh B. Stoller authored
    Jay has "comments"), but I do not want it hanging around in my source
    tree. Here is my mail message:
    * The "My Mailing Lists" is context sensitive (copied from Tim's
      changes to the My Bug Databases). It takes you to the *archives* for
      the current project (or subgroup) list. Or it takes you to your
      first joined project.
    * The showproject and showgroup pages have direct links to the project
      and group specific archives. If you are in reddot mode, you also
      get a link to the admin page for the list. Note that project and
      group leaders are just plain members of these lists.
    * The interface to create a new "user" list is:
      We do not store the password, but just fire it over in the list
      creation process.
      Anyone can create their own mailing lists. They are not associated
      with projects, but just the person creating the list. That person
      is the list administrator and is given permission to access the
      configuration page.
      This page is not hooked in yet; not sure where.
    * Once you have your own lists, you user profile page includes a link
      in the sub menu: Show Mailman Lists. From this page you can delete
      lists, zap to the admin page, or change the admin password (which is
      really just a subpage of the admin page).
    * As usual, in reddot mode you can mess with anyone else's mailman lists,
      (via the magic of mailman cookies).
    * Note on cross machine login. The mailman stuff has a really easy way
      to generate the right kind of cookie to give users access. You can
      generate a cookie to give user access, or to the admin interface for
      a list (a different cookie). Behind the scenes, I ssh over and get
      the cookie, and set it in the user's browser from boss. When the
      browser is redirected over to ops, that cookie goes along and gives
      the user the requested access. No passwords need be sent around,
      since we do the authentication ourselves.