noc@iem.at wrote:
# Debian packages this is what I would normally pick, but: my past experience with mailman3 in Debian was... rather suboptimal. (my current Debian box running mailman3 is frozen at Debian/buster ("old-old-stable") because of mailman3).
Yep, I think a lot of people on this list have tried these packages and have got burnt. That is mor likely due to our own shortcomings rather than anything the package maintainers have done, but my impression is that most people on this list have gone either virtualenv or Docker due to the support that others have with these methods. For various reasons I now have to use Ubuntu, and when I migrated to Ubuntu 22.04 I wanted to go from Docker to use these packages, only to find that the packages were missing from Ubuntu due to the fact that Ubuntu shipped a newer Python version and that didn't work with the older version of Mailman in those packages. Since then I did an upgrade to Ubuntu 24.04 and briefly looked at the packages but my existing install was already on 3.3.9 so continued with the venv method.
# Docker packages this is of course the simplest from a deployment perspective, but then i'm a bit worried about the security perspective. in my perception, docker deployments tend to get installed and then forgotten, and while the host OS keeps getting updates, the docker images are just left as is. so they tend to get stale.
The Docker containers are well maintained by Maxking (Abhilash Raj) who is also the core Mailman maintainer. If you look at the images on Dockerhub they do get regular updates. I would say that your update strategy would need to take Docker image updates into account. I used these images for a while, I moved from Docker because I run software on the same machine as my small Mailman instance which takes over the Docker management, and I wanted Mailman to be installed alongside that.
# virtualenv this is the deployment method recommended in the docs. however, it doesn't say why this method is any better than the others. also, the website says that it was last updated in 2019, so: is this recommendation still relevant?
This is the method I use now and seems to be the most universally supported on this list. I've explained why I went this method earlier on in this post. The installation docs for virtualenv installation were very recently updated. Upgrading the distro (Python major version upgrade) does require a venv rebuild, but general updates throughout the year seem absolutely fine. All the persistent data is stored outside the venv of course.
Thanks. Andrew.