On Wed, 20 Jul 2022, 12:39 am Kenny Duffus, <ke...@kde.org> wrote: > On 19 July 2022 13:46:36 CEST, "Joseph P. De Veaugh-Geiss" <jos...@kde.org> > wrote: > >Hello, > > > >On 7/18/22 17:47, Ingo Klöcker wrote: > >> One idea is to allow signing in with different commonly used identity > providers > >> (like Google, etc.) for our more user-centric websites where we cannot > expect > >> most people to have an account at invent.kde.org already. > >> > > > >Is there not a potential tracking issue with allowing Google or other > data-mining companies to be KDE's identity provider? [1] > > > > this is only suggested for the user facing sites. those with a > gitlab/identity account would login with that account to them as well as > our non user services > > however this doesn't seem to offer any good privacy respecting option for > our users to use > > >This seems to me to be at odds with KDE's vision: "A world in which > everyone has control over their digital life and enjoys freedom and > privacy." > > > >Of course one could argue it is the user's choice to use the service, but > embedding such services in KDE's infrastructure suggests our community > condones this kind of (potential) tracking. > > > > I agree > > education of privacy is something we also aim for and sending a message > that this is "normal" seems off > > Is there any other OIDC option that isn't good enough to replace identity > but could function ok for basic accounts for users? I know running more > stuff isn't great? >
Our user facing sites were excluded from the original proposal. They will be outside our universal accounts system as there is only a small number of them (2 that I can think of - Forum and Bugzilla) and the benefit of linking them in is small (with colossal costs). Users will directly register on those sites. Cheers, Ben