Security conflict between Mailman web services and webserver
Tobias Hachmer points out that allowing the webserver write access to Django management files (specificially manage.py and settings.py) is a potential security risk. The situation arises because the USWGI socket is currently created under $MAILMAN3/web, and the suggested solution of "chown -R $HTTPD:mailman $MAILMAN3/web" leaves everything readable by the webserver. Probably the long-run solution is to create the socket in a different place. In the meantime this should be documented.