Once upstream does new releases for Mailman, hyperkitty, postorius (and any related components), we will upgrade lists.wikimedia.org.
In the meantime this mostly serves as a tracking bug for things that will be fixed when we upgrade.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | BUG REPORT | None | T286149 Mailman doesn't replace email in notice when changing subscription email | ||
| Open | None | T283909 Poor link parsing in HyperKitty (Mailman 3) web archive | |||
| Open | None | T283128 In Mailman3, users cannot change their display name from the web | |||
| Open | BUG REPORT | None | T291134 Confirmation message when changing email subscription is broken | ||
| Open | None | T286217 Upgrade lists.wikimedia.org to next Mailman/hyperkitty/postorius versions |
Event Timeline
Comment Actions
postorius 1.3.5 was released, in addition to the unsubscribe security fix we already have: https://docs.mailman3.org/projects/postorius/en/latest/news.html#news-1-3-5
Mailman Core 3.3.5b1 is out: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/NEWS.html#news-3-3-5
From the announcement:
It is a pre-release for 3.3.5, which is slated to come out in 3 weeks from now.
I am planning for a 2 week beta period, after which I'll release the first RC and then stable a week after. Right now I am not planning to release a second beta version, but if there are several changes in Core in the next week or so, then I might.
We should at least upgrade the cloud VM to the beta.
Comment Actions
Here's the dependency diff for Mailman Core 3.3.5 from 3.3.4:
@@ -111,16 +111,16 @@ case second 'm'. Any other spelling is incorrect.""", }, install_requires = [ 'aiosmtpd>=1.4.1', + 'alembic>=1.6.2,<1.7', - 'alembic', 'atpublic', 'authheaders>=0.9.2', 'authres>=1.0.1', + 'click>=8.0.0', - 'click>=7.0.0', 'dnspython>=1.14.0', + 'falcon>=3.0.0', + 'flufl.bounce>=4.0', + 'flufl.i18n>=3.2', + 'flufl.lock>=5.1', - 'falcon>1.0.0', - 'flufl.bounce', - 'flufl.i18n>=2.0', - 'flufl.lock>=3.1', 'importlib_resources>=1.1.0', 'gunicorn', 'lazr.config',
- alembic has a weird constraint, bullseye has 1.4.3-1 while testing has 1.7.1-3
- click as well, bullseye/sid have 7.1.2-1
- falcon, testing has 3.0.1-2
- flufl.bounce, already using 4.0
- flufl.i18n, sid has 3.0.1-1
- flufl.lock, sid has 5.0.1-1
So...another round of package updates. It doesn't seem like upgrading to bullseye first will help much here.
Comment Actions
I'm waiting for this because HyperKitty v1.3.5 provides RSS feed. (https://gitlab.com/mailman/hyperkitty/-/merge_requests/302)
Comment Actions
Mailman really doesn't have an owner yet. Kunal and I did just the upgrade from 2 to 3 due its severe limitations and security issues. I have way too much in my plate to do the upgrade on my own but would be happy to help anyone who would take the lead. Unless the new postorius adds support for 2FA then the priorities change (but I haven't seen that in changelog)
Comment Actions
Our current Mailman deployment is a bunch of backported and forked debs with random patches thrown on top based on what we managed to fix upstream. It's not sustainable (as hopefully T286217#7406437 shows). Given that we need to get off buster anyways, I would suggest that we wait until the bookworm freeze gets more frozen and set up some lists1003 with normal Debian packages, and after some level of testing switch lists.wm.o over to the new host. The new version will have a new set of bugs, we either learn to live with them or patch via puppet.
Comment Actions
Pardon my ignorance but are partial i18n updates possible (e.g. django_mailman3/locale/) without having to upgrade the whole lot? After mailman3 was released widely there have been a number of translation fixes that we may wish to use. And since mailman3 displays its UI by default in your browser language (and it does not let you to change it), being able to regularly have our translations updated would be great IFF possible. Thank you.