Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index 

Hi,

On Wed, Jun 20, 2012 at 09:47:48PM +0200, Lionel Elie Mamane wrote:

However, our current setup *requires* an OpenID; is it an option to
make that optional (and allow people to e.g. use a "classic"
username+password for the web interface)?


no.


People like that (yes, I'm one of them) will balk at the requirement
of giving a third party (and anybody able to twist their arm... like
the surveillance agencies of governments) unlimited power to
impersonate them (to websites that use OpenID). So they'll want to run
their own OpenID end points; 


But having a third party that is as trustworthy as TDF shouldnt be too hard as
there are already lots and lots of OpenID providers. And if you are paranoid
you would use your OpenID account just for one purpose -- that will give you
enough plausible deniability.


 - local-openid looks like a godsend, but gerrit won't interoperate
   with it; I now patched it (days and hours of efforts...), so
   hopefully it will become a good solution soon :)


That sounds great for those who care about this ;)


My point is basically that it is too much of an investment for a
casual contributor... If we could make that easier by allowing plain
username+password (or exporting bugzilla accounts over OpenID? I guess
that would be *more* work), I feel it would lower the barrier to entry
to gerrit.


I think you are part of a very, very rare demographic there (no wordpress, no
google, no launchpad, no yahoo, no blogger, no myspace, no flickr) -- we
vaguely considered running a TDF OpenID provider in the distant future, but so
shied away from that for the nontrivial cost (security is hard to get right) --
your investigation of local-openid made that somewhat more of an option, but I
would wait until a second guy (in addition to you) considers this vital -- then
we can think about using your experience with local-openid (and maybe
explicitly limit that openid to only TDF services on request). But first lets
see if there is actually somebody else caring for this.

Best,

Bjoern

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.