Am 12.02.19 um 17:11 schrieb Stephen J. Turnbull:
Note: I've changed the order of sentences from Torge's post to fit my responses.
Torge Riedel writes:
I do agree, same here on my side. Lot's of my users are very "sensitive" to social media and don't want see them here.
This is the first I've heard of this. Obviously it's fairly widespread; *please* speak up if anyone have similar issues that we haven't addressed. AFAIK all of the currently active Mailman developers believe that social auth is a GoodThang[tm], so we're unlikely to DTRT as you see it without your help.
Well most of my users are 60+ so social media is some kind of a thing from hell for them ;-) I don't want to blame it, but to ensure acceptance in my scenario it is required to hide them somehow.
I need to migrate from mailman2 to mailman3 and was wondering why social accounts are enabled by default
By default Mailman 3 is social media: you have a profile, you can be searched in the indicies of the archives, and so on. The large auth providers provide more secure authentication, and a lot of convenience for users who have such accounts already. They also take some administrative burden off the list and site managers when people lose their passwords and forget what their subscription address is, and similar scenarios. Clearly, these are not universally-valued features, but I think that they justify the current defaults.
Yes, this was a bit unprecise. For my feeling it is better to enable one after another, but it is ok for me to do it the other way.
and are difficult to disable.
They're easy enough to disable (easy to recognize and just add a hash character in front), since you have to edit settings_local.py to install anyway. If you're using a packaged version and the package configuration utility doesn't handle it, there's nothing we can do about it. The distro will have to deal with that.
It should be better documented, I imagine (haven't checked yet).
I propose something like an additional setting listing the enabled social accounts.
Do you mean in the Postorius administration interface? If so, do you want it by-site, by-domain, or by-list? ("You" is everybody who wants to disable social auth, not just Torge!)
If you mean in settings_local.py, I suggested something similar earlier. It's not obvious it would be easy to do (sometimes these things are order-dependent, though that's bad practice).
Having the configuration in the UI would be the best solution. So not everything needs to be done by me. A first approach is the mentioned setting, which can be set to an empty value to overwrite the default. Without the risk to break something else. Just to repeat.
And if the admin is setting this to an empty value in the settings_local.py everything is disabled
Because the settings are a Python module, this is the way settings_local.py works anyway. That's why Mark suggested editing INSTALLED_APPS.
Thanks so far for going into the discussion.