In all fairness, this is not a problem with mailman3. I had the exact same issue with Persian Wikipedia's internal admin mailing list where I'm an owner. You can set a name there but most people prefer their name instead of their username and I couldn't find out which user is which. In some cases, I even sent an email internally asking "Does anyone know who is foo@bar.com?".

Back to trying to fix the problem. This will be partially handled with https://phabricator.wikimedia.org/T249678 which, when done, lets you draw the connection between user and email addresses. Even if that doesn't get done, handling such cases (especially the ones dealing with NDA) is much easier in mm3. Now we have the list of members in a database table and I can query that! Then I can easily match that query with email addresses of checkusers and other functionaries across all wikis in production tables. This can be written in a weekend but I need approval from legal/T&S for this as this effectively moves private data around in production and possibly I need to disclose the results to owners of that mailing list. Please create a ticket and let's continue discussing there.

Best

On Tue, Jun 15, 2021 at 1:40 AM Platonides <platonides@gmail.com> wrote:
First, I don't think the way it was used was "secure". I think it could be changed by the user himself.

Second, the field probably still exists in the database, but a way to change it is not exposed. The names in quotations Risker mentions are probably that field, migrated from mailman2.

Third, for such private lists I think we should aim for having:
a) A mapping of the private list and the membership condition (e.g. user needs to belong to either group A on wiki x or group B in wiki Y). This could live in puppet, a lists repo, etc.
b) A daily cron which automatically unsubscribes from each private list the mailman3 users in the list which don't have the wiki email linked to a user with the applicable permission.

This way, even if moderators lost track of someone no longer being a X (or made a mistake signing up the wrong user), it would be automatically corrected at most after 24 hours.
Note the user wouldn't need to use the same email address on-wiki and on mailman. Just to have mailman know that the wiki mail belongs to the same mailman account.

Bonus would be not to let a user join the list without the needed requirement, but that seems more complex.

Best regards

_______________________________________________
Listadmins mailing list -- listadmins@lists.wikimedia.org
To unsubscribe send an email to listadmins-leave@lists.wikimedia.org

To request technical changes for a specific list, please instead create a task in Phabricator. See https://meta.wikimedia.org/wiki/Mailing_lists


--
Amir (he/him)
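
The reconciliation pass proposed in the quoted message (a list-to-group policy plus a daily job), sketched as an added example that is not part of either email and is not Mailman or Wikimedia code. The list names, group names, addresses and the `links` table (mailman address to wiki emails verified by the same mailman account) are constructed assumptions; fetching rosters and performing the unsubscribes is left to the caller.

```python
from dataclasses import dataclass

# (a) Policy: private list -> (wiki, group) pairs; holding any one pair qualifies.
LIST_POLICY = {"checkuser-l": {("metawiki", "checkuser"), ("metawiki", "steward")}}

@dataclass(frozen=True)
class WikiAccount:
    username: str
    email: str          # confirmed on-wiki email
    groups: frozenset   # {(wiki, group), ...}

def norm(addr):
    return addr.strip().lower()

def reconcile(policy, subscribers, links, accounts):
    """(b) Return {list: [(address, reason)]} for subscribers to unsubscribe."""
    by_email = {}
    for acct in accounts:
        by_email.setdefault(norm(acct.email), []).append(acct)
    links = {norm(k): [norm(e) for e in v] for k, v in links.items()}
    removals = {}
    for name, addrs in subscribers.items():
        required = policy.get(name)
        if required is None:
            continue  # list is not under a membership policy: leave it alone
        for addr in map(norm, addrs):
            # The wiki email may differ from the subscribed address if linked.
            candidates = [addr, *links.get(addr, [])]
            matched = [a for e in candidates for a in by_email.get(e, [])]
            if not matched:
                reason = "no linked wiki account"
            elif not any(a.groups & required for a in matched):
                reason = "no qualifying group"
            else:
                continue
            removals.setdefault(name, []).append((addr, reason))
    return removals

def demo():
    # Constructed sample data.
    accounts = [
        WikiAccount("Alice", "alice@example.org", frozenset({("metawiki", "checkuser")})),
        WikiAccount("Bob", "bob@example.org", frozenset({("fawiki", "sysop")})),
        WikiAccount("Carol", "carol@wiki.example", frozenset({("metawiki", "steward")})),
    ]
    subscribers = {"checkuser-l": ["Alice@example.org", "bob@example.org",
                                   "carol@home.example", "stranger@example.net"],
                   "open-list": ["anyone@example.net"]}
    links = {"Carol@home.example": ["carol@wiki.example"]}
    return reconcile(LIST_POLICY, subscribers, links, accounts)
```

A dry-run mode that only reports the `(address, reason)` pairs to list owners keeps the first runs from removing anyone whose account link is simply missing.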