Re: Salsa as authentication provider for Debian

2020-04-08 Thread Shengjing Zhu
On Wed, Apr 8, 2020 at 8:33 PM Bastian Blank wrote:
>
> Hi Zhu
>
> On Wed, Apr 08, 2020 at 07:50:22PM +0800, Shengjing Zhu wrote:
> > 1. Can you still keep the "-guest" enforcement, so it's still easy to
> > recognize who is DD or not on salsa?
>
> No.  The guest suffix was meant to avoid collisions with Debian
> accounts.  And the tool used to enforce it is unmaintained.
>
> Also the only place that can for sure answer if someone is DD is
> nm.debian.org, not Salsa.
>

Sigh, but it makes sense too. Will nm.d.o have a field which reflects
the username on salsa?
Although it takes multiple steps to figure out the user status when you
click a "Request to join" link sent by salsa.

--
Shengjing Zhu



Re: Salsa as authentication provider for Debian

2020-04-08 Thread Shengjing Zhu
On Wed, Apr 8, 2020 at 8:13 PM Ulrike Uhlig wrote:
>
> Hi!
>
> On 08.04.20 13:50, Shengjing Zhu wrote:
> > On Mon, Apr 6, 2020 at 11:58 PM Bastian Blank wrote:
>
> > 1. Can you still keep the "-guest" enforcement, so it's still easy to
> > recognize who is DD or not on salsa?
>
> Could you explain a bit better why you think that this is needed?
>
> I understand you want to recognize DDs from other contributors, but why?
> Does it help you with permissions, does it help understand who someone
> is, or is it a habit that has been there since Alioth?

For me, it's easier to trust a DD than a non-DD, so I'll grant a role
with higher permission if they request to join a team/project.

-- 
Shengjing Zhu



Re: Salsa as authentication provider for Debian

2020-04-08 Thread Shengjing Zhu
On Wed, Apr 8, 2020 at 7:50 PM Shengjing Zhu wrote:
[...]
> 1. Can you still keep the "-guest" enforcement, so it's still easy to
> recognize who is DD or not on salsa?

The reason why I ask for this is because
1. If a -guest account is added to a project in salsa Debian group,
the group name is also shown on the personal profile.
2. Users can make their profile private, so you don't know what group
they belong to.
3. To search in the Debian group member page takes too many steps.

If there's an easy way I'm not aware of, then I'm fine with it.

-- 
Shengjing Zhu



Re: Salsa as authentication provider for Debian

2020-04-08 Thread Shengjing Zhu
On Mon, Apr 6, 2020 at 11:58 PM Bastian Blank wrote:
[...]
> ## Highlevel plan
>
> - Salsa becomes primary source of user info and authentication for secondary
>   services via OpenID Connect (OAuth2), for both DDs and non-DDs, replacing
>   sso.debian.org.
> - Salsa allows user renames and drops namespace rules for users (i.e., no more
>   requirement for -guest suffix).
> - nm.debian.org uses Salsa usernames by default to populate LDAP usernames
>   when creating accounts, and stores OIDC subject to strongly correlate
>   between Salsa and Debian LDAP users.
>
> ## Fixed problems
>
> - We get a user source everyone can use both as service provider and user.
> - Users can rename themselves before becoming DDs, and retain all information
>   both on Salsa and on other services. This also works while transitioning
>   between non-DD and DD, and back.
>

1. Can you still keep the "-guest" enforcement, so it's still easy to
recognize who is DD or not on salsa?
2. For the transition between non-DD and DD, could the salsa admins rename
the username on request?

For 1, I think it doesn't make the original plan more complicated.
For 2, I think it doesn't either, as you already plan to support renaming.

-- 
Shengjing Zhu
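
The plan quoted in the message above stores the OIDC subject instead of relying on the username, while allowing renames. As an added illustration (not code from Salsa, nm.debian.org or anyone in this thread), the sketch below compares a service that links accounts by `preferred_username` with one that links by `(iss, sub)`. The class names, issuer value and claims are constructed, and it assumes a released username can later be registered by someone else.

```python
from itertools import count

ISSUER = "https://salsa.debian.org"  # assumed issuer for the constructed claims


class UsernameKeyed:
    """Weak variant for contrast: links on the mutable preferred_username."""

    def __init__(self):
        self.accounts, self._ids = {}, count(1)

    def login(self, claims):
        name = claims["preferred_username"]
        if name not in self.accounts:
            self.accounts[name] = next(self._ids)
        return self.accounts[name]


class SubjectKeyed:
    """Links on (iss, sub); the username is only a refreshed display attribute."""

    def __init__(self):
        self.accounts, self.names, self._ids = {}, {}, count(1)

    def login(self, claims):
        if claims.get("iss") != ISSUER or not claims.get("sub"):
            raise ValueError("untrusted issuer or missing subject")
        key = (claims["iss"], str(claims["sub"]))
        if key not in self.accounts:
            self.accounts[key] = next(self._ids)
        uid = self.accounts[key]
        self.names[uid] = claims["preferred_username"]  # follows renames
        return uid


# Constructed claims, assumed to come from ID tokens whose signature,
# audience and expiry were already verified.
BEFORE = {"iss": ISSUER, "sub": "4711", "preferred_username": "alice-guest"}
AFTER = {"iss": ISSUER, "sub": "4711", "preferred_username": "alice"}
OTHER = {"iss": ISSUER, "sub": "9001", "preferred_username": "alice-guest"}


def replay(store):
    """Log in before the rename, after it, then as a second user with the old name."""
    return [store.login(c) for c in (BEFORE, AFTER, OTHER)]


if __name__ == "__main__":
    print("username-keyed:", replay(UsernameKeyed()))
    print("subject-keyed: ", replay(SubjectKeyed()))
```

Each list holds the local account id returned for the three logins: the username-keyed store splits the renamed user across two accounts and hands the first one to the second user, while the subject-keyed store keeps one account per subject.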



Re: Question to all: Outreach

2020-03-18 Thread Shengjing Zhu
On Wed, Mar 18, 2020 at 8:12 PM Ulrike Uhlig wrote:
>
> Hello!
>
> On 18.03.20 12:01, Shengjing Zhu wrote:
> > On Wed, Mar 18, 2020 at 5:26 PM Daniel Lange wrote:
> > [...]
> >> As Debian can afford paying for its interns itself, we do.
> >
> > This looks bad to me. Should Debian pay directly to its contributors?
> > PS, IMO it's totally fine for other parties to pay Debian
> > contributors, like the LTS program.
>
> Why not?
>
> The money comes from people and companies who explicitly support Debian
> to do this work, just like the work on LTS.
>
> This investment is aiming at making Debian a more diverse community,
> which it currently isn't (1010 DDs, out of which less than 30, last time
> I counted, are female, trans, inter, queer aka. FTIQ*).
> Research has shown [1] that this is due to a variety of reasons, one of
> which is the lack of free time or financial support and free time for
> these people.
>
> We are talking about a total payment of 5000 USD (minus taxes for the
> contributors according to their country's tax law) per intern. This
> money is not received for nothing but for doing three months of
> full-time work that advances a variety of projects in Debian.
>
> After which interns generally continue to contribute for free, if the
> mentoring program hasn't been horribly bad at supporting them to do so.
>

Just to clarify, I appreciate all the mentoring/diversity work.

If the Outreachy program is the same as GSoC, which is paid by a company, I
have no doubt about it.

I'm only concerned that Debian pays _directly_.

-- 
Shengjing Zhu



Re: Question to all: Outreach

2020-03-18 Thread Shengjing Zhu
On Wed, Mar 18, 2020 at 5:26 PM Daniel Lange wrote:
[...]
> As Debian can afford paying for its interns itself, we do.

This looks bad to me. Should Debian pay directly to its contributors?
PS, IMO it's totally fine for other parties to pay Debian
contributors, like the LTS program.

-- 
Shengjing Zhu



Re: Question to all: Outreach

2020-03-18 Thread Shengjing Zhu
On Wed, Mar 18, 2020 at 5:17 AM Hector Oron wrote:
[...]
> > There are many people in Debian who were GSoC students and are active
> > Debian contributors, DMs, DDs. In which way does Outreachy differ from
> > GSoC from a Debian point of view - besides the fact that it explicitly
> > encourages people from underrepresented communities and non-students?
>

The difference between the GSoC and Outreachy programs is still not clear to me.
IIUC, GSoC interns are paid by Google, whose generosity I appreciate.
But who pays Outreachy interns? Is it the same, in that some companies
pay for it, like the companies whose logos are on https://www.outreachy.org/?
However, I'm confused that Debian is listed as a sponsor on
https://www.outreachy.org. Why does Debian sponsor other programs while
Debian needs others' sponsors?

-- 
Shengjing Zhu