On 2024-09-17 11:59:00 -0000 (-0000), Sam Darwin via Mailman-users wrote: [...]
What if it's the same email but different passwords
This precisely. MM2 did let users specify a password, but by default it simply assigned them a new randomly-generated one for each list at time of subscription.
In the case of one environment I migrated to MM3, we actually also had multiple list domains with many of our users subscribing to lists on more than one domain. MM3's proper multi-tenancy allowed us to combine the lists for all those domains into a single deployment, with a side effect being that if a user creates a login for one domain they'll reuse that same login for every other domain in the same environment. So at least for me, the answer is that MM2 had per-list subscriber passwords, while MM3's Django user backend gets you cross-domain accounts.
Another aspect of this is RBAC. A user may be a list subscriber, moderator and owner. Instead of separate moderator and owner passwords shared by multiple individuals, the user's unique password can get them access to all the roles they've been granted (and can also be individually reset or revoked without having to communicate a new password to every moderator). It's not just a matter of security, but also operational efficiency.
Jeremy Stanley