Mailman is the single longest-running piece of software the Movement has used. It was used by Nupedia and predates MediaWiki.
Mailman2 is bad: no mobile support, inflexible archives (no search), very bad security practices, and no real database for storage.
Decided to migrate in batches, set up a way for Mailman3 to coexist with Mailman2. Amir aka Ladsgroup kicked off the effort and then I joined him. Lots of volunteers and other staff helped with testing and debugging throughout the process.
Discovered a security bug in Mailman2: it was keeping archives for mailing lists that were set to not keep archives (board, legal, lgbt).
Then we started migrating and learned that no one had really tested Mailman3 on MariaDB, the database we use. Anyone who had an emoji in their name was rejected. Oops.
Discovered a security bug in Mailman3: when migrating private lists, archives would be public until the import finished. Big oops.
Worked well with upstream in getting our stuff fixed.
WMF funded a security audit last month. The team is working on resolving the findings; the worst has been fixed and was an issue in a dependency.