The security model of mailman was maybe good enough 20 years ago, but is currently very much out of date. AAA stands for Authentication, Authorization and Accounting. In the case of lists:
- Authentication: Currently I have dozens of lists I am subscribed to with passwords, for admins of lists we have different passwords and these are shared among admins. I should just be able to login with OATH/LDAP or the likes
- Authorization: If we know who is who we can assign roles (member, moderator, admin, maybe more) to people
- Accounting: This is for bonus points: Who did what? For example who allowed/denied an email in moderation
I'm pretty sure this isn't available for mailman yet so this isn't going to be easy at all. Two possible approaches:
- Implement this in Mailman (upstream)
- Switch to different software with similar functionality
Both major undertakings.