Infra announce: Authenticating against gerrit using TDF's Single Sign-On system

Dear developers,

Please visit https://user.documentfoundation.org/edit (use your Single
Sign-On credentials to authenticate — if you don't have an account there
then please create one) and check whether you have “Gerrit” in the
“Linked profiles” section. If not, then add the preferred email address
of your gerrit account [0] to the form above; a confirmation token will
then be delivered to that address, and “Gerrit” should appear in the
“Linked profiles” section after confirmation.

About 68% of the gerrit accounts who uploaded a patch set in the past 30
days are known to the Single Sign-On system. These accounts can use TDF's
new OAuth2 IdP at https://gerrit.libreoffice.org/login/ i.e., authenticate
through The Document Foundation's Single Sign-On system.

Unfortunately, due to the way the OAuth2 plugin work, if you try a new IdP
that is not linked to your existing gerrit account, then a *brand new*
account is created. (This is no different than for other providers like
GitHub or Google.) If that happens, then please *do not* start using the
new account, instead ask us to merge them ASAP at hostmaster@documentfoundation.org
(or on IRC at #tdf-infra). While merging a fresh account is painless, the
logic is more brittle (there is risk of breaking referential integrity) if
they're both actively used, so again please poke us ASAP.

In the not too distant future, TDF's OAuth2 IdP will become the *only* way
to authenticate against our gerrit instance: authenticating using other
OAuth2 or OpenID providers will no longer be possible. We're unable to
give a precise ETA right now, as we need a higher ratio of patchsets
authors in SSO, but that will definitely be *in 2019*. Later this week
we'll individually poke all recent patchsets authors that are still
unknown from our Single Sign-On system. Once we deprecate other OAuth2
and OpenID providers, gerrit accounts that are still missing from SSO will
be effectively *locked out* until an infra team member manually tie them
up to the relevant LDAP DIT entry.

FWIW finalizing the migration to TDF's OAuth2 IdP is a prerequisite for
upgrading gerrit to more recent versions (with shiny new Web UI, ed25519
SSH key support, CodeMirror editor plugin, and more [1]).

Not that my confusion is significant, but I just thought I'd mention I have no idea what gerrit is, have no gerrit account, and have no idea of the broader context of this message.

My confusion may relate to my single failed attempt to share some sample documentation by attaching a doc to a message to this list. I think that probably tells you just how much of a newbie I am. But there's also a chance it indicates it's not so easy to get the big picture of the processes one is supposed to follow, to contribute to this free documentation effort.

luke

I also have no idea what Gerrit is, but the mail started with "Dear developpers" so I quessed it was only ment for developpers, which I am not.

Greetings, Kees

Luke (gmail) schreef op 17.09.2019 07:57:

Please keep in mind that messages sent to a mailing list have potentially a large number of receivers. And typically a messages is not directed to individuals. Use the preferred search engine to find out what Gerrit is used for:

https://en.wikipedia.org/wiki/Gerrit_(software)
https://wiki.documentfoundation.org/Development/gerrit
(In a nutshell: Gerrit is used to receive, integrate, and review the source code from all developers)

And ideally improve the documentation, if you think it's needed :-).

Cheers,
Heiko

PS: The tech-talk by our infra people deserves some clarification: OAuth2 IdP, LDAP DIT entry, ed25519
SSH key support, CodeMirror editor plugin... not to mention ASAP, FWIW etc.

https://wiki.documentfoundation.org/Development/gerrit

Don't read to much...
" This is the entry page on the code review tool gerrit.libreoffice.org
and how to use it in LibreOffice. "

But gerrit is also used for some other review processes. E.g. membership
applications.

Hi Luke

Gerrit and Documentation intersects when we update or write a Help page.
In case you are curious (and bold to jump into the Help editing), you
may want to read this:

https://wiki.documentfoundation.org/Documentation/GerritEditing

Kind regards
Olivier