On 9/16/24 16:25, Sam Darwin via Mailman-users wrote:
Why can't passwords be imported from mailman2 to mailman3? How difficult would it be to do? (is there a link to where this is already explained? )
Mailman 3 users have a _password attribute which isn't actually used for anything. The importer used to set this from the MM 2.1 member's password, but this was dropped by <https://gitlab.com/mailman/mailman/-/merge_requests/565>. See <https://mail.python.org/archives/list/mailman-developers@python.org/thread/454FVD23LFZSF5AX76DF2FOXRJARXQYH/> for a discussion of this. Also note that since member passwords were stored in plain text in MM 2.1 and periodically emailed, those passwords are inherently not secure and have possibly been exposed so setting that password, even though encrypted in MM 3, is not a good idea.
As far as creating a Django user for an imported member, whether or not with the member's MM 2.1 password, it is at least as expensive as just encrypting the password and would result in poor performance.
Further, and perhaps more importantly, Mailman 3 is modular. There is no guarantee that any Mailman Core installation into which a MM 2.1 list is imported actually also supports Django users for Postorius and/or HyperKitty.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan