This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=utf-8
On 06/17/2016 04:55 PM, Barak Korren wrote:
As long as we allow more then one provider, and also allow for some
ones like Fedora its not bad at all IMO. And it has the nice benofit
not having to secure any user credential database on our infra.
It's not bad, just better to have choice not to rely on them if you (as
a user) wish IMO.
Also I though having a direct compatibility with MM2 would ease
transition (as pointed out by Evgheni), but this is not an option right n=
We've been using that approach on oVirt Gerrit forever, and are
at ways to expand it to other parts of the infra.
Forever is irrelevant. If it suits the projects' needs in the contrary,
then let's do this way.
Long term we would probaly like all authentication done against
prividers via some sort of an sso layer, while authorization will be
based on group assignments in Gerrit.
Maybe freeipa could help building this. I think Misc as more experience
with this; he could probably give some advice.
So as for now:
- Google OAuth: enabled but not working yet, waiting to have access to
data to create the API credentials
- Fedora: works well, tested with Misc's account
- Persona: works well
- OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to
be entered manually, so maybe the page could be tweaked to have links
like in Gerrit
Would it be sufficient to begin with?
I think we should warn users they would need to have their email address
registered on some provider if not already done (in the announcement).
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----