In about 6 months from now or later, so in or after September 2017, do a password rotation of all the passwords for users to access the arbcom-l list archives.
This is about https://wikitech.wikimedia.org/wiki/Mailman#Alter_arbcom-l_archive_access_list and an example ticket where passwords were updated in the past is T157097.
We want to switch from using deprecated "htdigest" (which is for example not supported by nginx) to using "htpasswd" and rotate the passwords while doing that.
Coordinate this with @Jalexander
The waiting is because we _just_ switched new passwords for 9 of the 24 users and don't want to bother them with another change. But a regular rotation every 6 months or so seems reasonable and good for security.