Re: [ANN] Please use Gerrit from now on for Patch Review

On Wed, Jun 20, 2012 at 5:26 AM, Lionel Elie Mamane <lionel@mamane.lu> wrote:

> Ah, I understand. When the gerrit repos are the "true one source" and
> gerrit will do the "push" automatically once someone validates the
> patch in the web interface, what will "Committer" be? The one that
> uploaded the patch or the one that validated it in the web interface?

That will be dictated by the 'committer'/'author' fiels of the uploaded patch
it is not touched afaik by gerrit

> > and isn't the whole point of OpenID is 're-use'.
>
> And? That I might be able to 're-use' on another website in 5 years
> does not make it any easier or more attractive to go through a
> double-plus-more-complicated setup to get an OpenID identity
> (double-plus-more-complicated compared to clicking "register" and
> copy-pasting a random password generated by pwgen or "dd
> if=/dev/urandom count=1 bs=9 | uuencode -m foo". Plus the though
> choice of "OK, who (which OpenID provider) do I want to give the power
> to impersonate me"?)
>
> To add insult to injury, I cannot 're-use' *any* of my *existing*
> reusable authentication methods. I have an OpenPGP card, SSH keys in
> files, I have X.509 client certs (in files, on smartcard, ...),
> etc. Noooo, it has to be *yet* *another* method.

1/ I did not design nor wrote gerrit (or it would certainly not be in Java.
2/ It is a case of damned if you do, damned if you don;t.
The exact same complain about "*yet* another method" was raised
because our wiki _does_ not use OpenIDfor auth.
3/ I know that our sysadm are looking at setting up our 'own' OpenID
service, if/when that happen and is flexible enough
we may be able to patch/configure gerrit so that loggin is just one
click awya (just like google-based onpenid is today)

Norbert