[Overload-sig] where does everything sit?

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Mon Aug 1 01:42:36 EDT 2016


Guido van Rossum writes:

 > I'm curious why MM3 doesn't let you log in with email and password
 > directly? What benefit did Mozilla's service have? Was it just that
 > Mozilla handled password security?

That's the basic rationale.  Mailman core's security is still
dependent on host security and not exposing control protocols to the
network, so the more aspects of user authentication and authorization
we can delegate to a service created and maintained by security
experts the better.  This also allows us to avoid maintaining such
critical services in multiple places (Postorius and HyperKitty for
now).

Use of Persona seemed to allow us to depend on such expertise for both
single-sign-on (via Google or whatever) and password authentication.

Steve

