Core implementation details, so I'm bringing this here from Mailman Users @ mailman3.org.
Abhilash Raj writes:
I have started working on designing a User management page in Core which should make it easy for a superuser to manage several things about a User, including the ones that don’t have an account in Postorius to manage their own.
I don't understand this design with a "page in Core". I was thinking about this kind of problem, and tentatively came to the conclusion that any reference to something that can be resolved to a User should generate a Django account for that User in Postorius or HyperKitty. Authorization to use that account would still require authentication via the usual email verification dance, or some level of admin privilege.
The thing is that emails that have not been added to a User are unique. They will be the only Address attached to the User created to manage them until authenticated, and transitively the only address attached to an automatically-created Django account (since those are 1-1 with core Users if they exist AFAIK).
What's missing here is the ability to merge core Users and their corresponding Django accounts. Doing this with nothing more than the usual email verification dance is not *obviously* provably secure to me, so we need to be careful, but I think it probably will turn out to be as secure as you can get. It seems to me that User merging is the most pressing problem of this kind. (At least, it affects me on a couple of list hosts, as well as on GitHub and GitLab.)
I'll take a look tomorrow or early next week.
Steve