Dear developers, Please visit https://user.documentfoundation.org/edit (use your Single Sign-On credentials to authenticate — if you don't have an account there then please create one) and check whether you have “Gerrit” in the “Linked profiles” section. If not, then add the preferred email address of your gerrit account [0] to the form above; a confirmation token will then be delivered to that address, and “Gerrit” should appear in the “Linked profiles” section after confirmation. About 68% of the gerrit accounts who uploaded a patch set in the past 30 days are known to the Single Sign-On system. These accounts can use TDF's new OAuth2 IdP at https://gerrit.libreoffice.org/login/ i.e., authenticate through The Document Foundation's Single Sign-On system. Unfortunately, due to the way the OAuth2 plugin work, if you try a new IdP that is not linked to your existing gerrit account, then a *brand new* account is created. (This is no different than for other providers like GitHub or Google.) If that happens, then please *do not* start using the new account, instead ask us to merge them ASAP at hostmaster@documentfoundation.org (or on IRC at #tdf-infra). While merging a fresh account is painless, the logic is more brittle (there is risk of breaking referential integrity) if they're both actively used, so again please poke us ASAP. In the not too distant future, TDF's OAuth2 IdP will become the *only* way to authenticate against our gerrit instance: authenticating using other OAuth2 or OpenID providers will no longer be possible. We're unable to give a precise ETA right now, as we need a higher ratio of patchsets authors in SSO, but that will definitely be *in 2019*. Later this week we'll individually poke all recent patchsets authors that are still unknown from our Single Sign-On system. Once we deprecate other OAuth2 and OpenID providers, gerrit accounts that are still missing from SSO will be effectively *locked out* until an infra team member manually tie them up to the relevant LDAP DIT entry. FWIW finalizing the migration to TDF's OAuth2 IdP is a prerequisite for upgrading gerrit to more recent versions (with shiny new Web UI, ed25519 SSH key support, CodeMirror editor plugin, and more [1]). -- Guilhem, for The Document Foundation's infra team. [0] The one shown at https://gerrit.libreoffice.org/#/settings/ . [1] https://www.gerritcodereview.com/releases-readme.html
Attachment:
signature.asc
Description: PGP signature