Luca Filipozzi writes:
> I think that our services -- such as SCM, CI/CD, Wiki, RT, etc. --
> should evolve indepdently from the SSO infrastructure. One could argue
> that RT has a user database thatcould be used as authenticaion service
> if exposed correctly. Or the Wiki.
Let me try to
On Fri, Apr 10, 2020 at 03:26:16PM -0400, rhkra...@gmail.com wrote:
> On Friday, April 10, 2020 02:59:59 PM Neil McGovern wrote:
> > For a little while, I've been keen to see how we can improve our
> > communication methods, both to make it more accessible to newcomers
>
> Hmm, from the peanut
On Fri, Apr 10, 2020 at 02:08:01PM -0400, Sam Hartman wrote:
> > "Russ" == Russ Allbery writes:
>
> Russ> Luca Filipozzi writes:
> >> On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:
>
> >>> * Note that if you want to you can host accounts in gitlab and
> >>>
Hello,
I'll try to summarise thread with the proposal to try wrapping it up and
moving on.
The proposal: https://lists.debian.org/20200405184610.ga581...@waldi.eu.org
More details here:
https://lists.debian.org/20200407140246.jpflo4zusyr2w...@enricozini.org
I am not going into the advantages
Hi,
On Fri, Apr 10, 2020 at 12:49 AM Enrico Zini wrote:
>
> The current sso.debian.org codebase has been written by one person (me),
> deployed by one person (me), audited by nobody, and as far as I'm aware,
> nobody besides me has ever read the code.
As a group, we are driving Enrico up the
On Wed, Apr 08, 2020 at 02:23:47PM +0200, Ole Streicher wrote:
> I don't know the exact proposed rules here, but I could imagine that
> without these rules anyone cann fill the namespace of nice Debian user
> names.
If you're talking spam account flooding the namespaces, they can be
cleaned up
On Wed, Apr 8, 2020 at 14:30:43 +0200, Bastian Blank wrote:
> Hi Zhu
>
> On Wed, Apr 08, 2020 at 07:50:22PM +0800, Shengjing Zhu wrote:
> > 1. Can you still keep the "-guest" enforcement, so it's still easy to
> > recognize who is DD or not on salsa?
>
> No. The guest suffix was meant to
Le 07/04/2020 à 18:50, Sam Hartman a écrit :
>> "Xavier" == Xavier writes:
>
> Xavier> Le 07/04/2020 à 17:20, Paul Wise a écrit :
> >> On Mon, Apr 6, 2020 at 3:58 PM Bastian Blank wrote:
> >>
> >>> ## Highlevel plan
> >>
> >> I'd like to learn a bit about what the
On Friday, April 10, 2020 02:59:59 PM Neil McGovern wrote:
> For a little while, I've been keen to see how we can improve our
> communication methods, both to make it more accessible to newcomers
Hmm, from the peanut gallery, if you really want things accessible to
newcomers, it would be nice
Hi folks,
For a little while, I've been keen to see how we can improve our
communication methods, both to make it more accessible to newcomers and to
take advantage of more featureful tooling than has been traditionally
possible with email lists.
As such, I set up an instance of Discourse[0] at
> "Russ" == Russ Allbery writes:
Russ> Luca Filipozzi writes:
>> On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:
>>> * Note that if you want to you can host accounts in gitlab and
>>> have keycloak act as an OIDC consumer for gitlab. So, if you
>>> decide
Luca Filipozzi writes:
> On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:
>> * Note that if you want to you can host accounts in gitlab and have
>> keycloak act as an OIDC consumer for gitlab. So, if you decide you
>> like Gitlab as an IDP but find you need Keycloak's
On Fri, Apr 10, 2020 at 12:06:42PM +0200, Bastian Blank wrote:
> On Wed, Apr 08, 2020 at 03:18:58PM +, Luca Filipozzi wrote:
> > > - Salsa, how should it work together.
> > Gitlab can use OIDC as an OmniAuth provider.
>
> And here the problems begin.
>
> Sure, just using it as OmniAuth
On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:
> * I was right. Gitlab can work as an identity broker. They
> generally have people use keycloak to log into gitlab. However, there
> is one common app where it was easier to set up that app to consume
> gitlab than keycloak so
Hi. Speaking very much as an individual.
I just spoke to someone who runs a keycloak and gitlab instance for a
group of about 1000 users.
I wanted to inject their experience into the discussion, because having
operational experience is useful in such situations.
* The thing they like about
On Friday, April 10, 2020 9:14:43 AM EDT Sam Hartman wrote:
> TL;DR: The concern Scott raises is a good one, and I think he caught me
> out on a wording problem in the delegation text.
>
> > "Scott" == Scott Kitterman writes:
> Scott> Constitution 5.1.4 give the DPL the power to "Make
TL;DR: The concern Scott raises is a good one, and I think he caught me
out on a wording problem in the delegation text.
> "Scott" == Scott Kitterman writes:
Scott> Constitution 5.1.4 give the DPL the power to "Make any
Scott> decision for whom noone else has responsibility." Some
> "Luca" == Luca Filipozzi writes:
[All my statements in this thread have been as an individual, not as
DPL. I've offered to help Enrico facilitate consensus calling in this
discussion, and if he takes me up on that, such facilitation might not
entirely be separable from the DPL role when
Hi Luca
On Wed, Apr 08, 2020 at 03:18:58PM +, Luca Filipozzi wrote:
> > - Salsa, how should it work together.
> Gitlab can use OIDC as an OmniAuth provider.
And here the problems begin.
Sure, just using it as OmniAuth provider works. But this only provides
authentication.
But, as Sam
On Fri, Apr 10, 2020 at 09:40:45AM +0200, Enrico Zini wrote:
> If you or someone else eventually will manage to introduce a Single Sign
> On system that would take us to a next step of being able to advocate
> developers, take packaging actions, update the ssh key you use to access
> debian.org
On Mon, Apr 06, 2020 at 02:34:03PM -0500, Michael Lustfield wrote:
> I was previously involved with a company that audited various git-hosting
> services. I'm stuck behind a very strict (saw it brutally enforced) NDA, so
> please forgive the lack of specifics. Gitlab is a tool that gets many
On Thu, Apr 09, 2020 at 05:09:19AM -0500, Michael Lustfield wrote:
> It also appears that there is an intent to drop -guest naming. I haven't seen
> any technical discussion about this beyond learning about the current
> structure. I am very concerned that this will have significant consequences
22 matches
Mail list logo