Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

2014-08-26 9:48 GMT+02:00 Christian Schmitt :

> Is there a way to merge user accounts? Currently my github Account is
> c-schmitt, while my Trac user account ist merb.
>

Technically, there's no such thing as a Trac account, just a username
attached to tickets and comments.

I spent some time Googling for a script that would make these changes
automatically, but I couldn't find one.

See https://groups.google.com/forum/#!topic/trac-users/lpA2qSWgOPM for a
rough idea of what's needed.

If someone finds a reasonably good-looking script to perform this task,
I'll run it for users who request it.

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CANE-7mUm-LZOQ7VDJPWvaUhb5KJmfFZ-LnG4smYBRp98Dc7oxA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Christian Schmitt]

Is there a way to merge user accounts? Currently my github Account is 
c-schmitt, while my Trac user account ist merb.




—
Best Regards

Christian Schmitt
c.schm...@briefdomain.de




Am 24.08.2014 um 21:52 schrieb Ben Finney :

> Aymeric Augustin
> 
> writes:
> 
>> Contributors who refuse GitHub's ToS can participate on Trac again.
> 
> For working to fix this, and for acknowledging these people are
> contributors: Thank you!
> 
> -- 
> \   “Truth is stranger than fiction, but it is because fiction is |
>  `\ obliged to stick to possibilities, truth isn't.” —Mark Twain, |
> _o__)  _Following the Equator_ |
> Ben Finney
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/8538clzmv8.fsf%40benfinney.id.au.
> For more options, visit https://groups.google.com/d/optout.



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Requiring GitHub login for actions on Trac

[Ben Finney]

Aymeric Augustin

writes:

> Contributors who refuse GitHub's ToS can participate on Trac again.

For working to fix this, and for acknowledging these people are
contributors: Thank you!

-- 
 \   “Truth is stranger than fiction, but it is because fiction is |
  `\ obliged to stick to possibilities, truth isn't.” —Mark Twain, |
_o__)  _Following the Equator_ |
Ben Finney

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/8538clzmv8.fsf%40benfinney.id.au.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Shai Berger]

On Sunday 24 August 2014 20:44:30 Aymeric Augustin wrote:
> 
> Eventually, I managed to set up DjangoProject and GitHub auth in parallel.
> 
> Contributors who refuse GitHub's ToS can participate on Trac again.
> 
> Issues created by username mismatches have been dealt with.

Thanks, Aymeric, for enabling participation on Trac with no GitHub account.

In view of this, adding other OAuth providers has become much less important 
for me, and I have put it on the "some day, maybe" shelf. If it is important 
to any of you, I may be able to assisst you in getting it up, but you'll 
probably need to lift most of the weight yourself.

Shai.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/201408242134.00503.shai%40platonix.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

On 9 août 2014, at 21:21, Aymeric Augustin  
wrote:

> I tried to support both Trac auth and GitHub auth but I couldn't make it work.

Eventually, I managed to set up DjangoProject and GitHub auth in parallel.

Contributors who refuse GitHub's ToS can participate on Trac again.

Issues created by username mismatches have been dealt with.

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/18929FCA-61E8-4D43-8662-2AD319F2F109%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Russell Keith-Magee]

I've just updated the wiki homepage, restoring a few pieces of content from
the older page. I agree most of the old content wasn't relevant any more,
so the changes are mostly about the tone of the page. Hopefully the content
in the new version is a little more inviting to newcomers.

I'm sure there are other improvements that could be made - in particular, I
think the release process section could benefit from a little more
elaboration, highlighting the fact that 1.8 development is underway.
Suggestions welcome!

Russ %-)



On Fri, Aug 15, 2014 at 8:28 AM, Russell Keith-Magee <
russ...@keith-magee.com> wrote:

>
> On Thu, Aug 14, 2014 at 7:20 PM, Aymeric Augustin <
> aymeric.augustin.2...@polytechnique.org> wrote:
>
>> Hi Russell,
>>
>> It seemed to me that this page wasn't nearly as good an introduction to
>> contributing to Django as the contributing guide from the official docs, so
>> I trimmed it and pointed to the docs instead.
>>
>> In fact, I started by removing incorrect or outdated information — for
>> instance, the workflow described in the page dated back to the pre-git era,
>> replacing get_absolute_url appeared to be the main current project while no
>> one has worked on it for years, etc. A few minutes later there was so
>> little left that I simply rewrote the page.
>>
>> Generally speaking, I don't believe we'll ever manage to keep the wiki
>> sufficiently accurate and up to date to make it useful. Last year I tried
>> to look for spam links (with a script) and scrub them, but there were so
>> many that I gave up. In my opinion, the viable alternative to our
>> self-hosted wiki is called the World Wide Web :-)
>>
>> Feel free to restore and perhaps update the previous content. I believe
>> it did more harm than good, but as long as it remains clear that you need
>> to authenticate before you can file a ticket, we'll be all right!
>>
>> Hi Aymeric,
>
> Your reasoning makes sense - I can't argue that some of the content there
> was a bit stale. However I think there's a middle ground - that particular
> page is the landing page for people who want to contribute, so it needs a
> bit more than a curt "get thyself a github account".
>
> I'll work on improving what's there.
>
> Russ %-)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAJxq849niPEps6V16eSwXedvBF3UC2NfpLSHxS7PE-JA5nF%3DsQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Ola Sitarska]

I think that much better option would be to link "Code" in header of 
djangoproject.com to 
this: https://docs.djangoproject.com/en/1.6/internals/contributing/ and 
make this a landing page for people who want to contribute. 

As a newbie contributor I found it super helpful :)

On Friday, August 15, 2014 2:29:02 AM UTC+2, Russell Keith-Magee wrote:
>
>
> On Thu, Aug 14, 2014 at 7:20 PM, Aymeric Augustin <
> aymeric.au...@polytechnique.org > wrote:
>
>> Hi Russell,
>>
>> It seemed to me that this page wasn't nearly as good an introduction to 
>> contributing to Django as the contributing guide from the official docs, so 
>> I trimmed it and pointed to the docs instead.
>>
>> In fact, I started by removing incorrect or outdated information — for 
>> instance, the workflow described in the page dated back to the pre-git era, 
>> replacing get_absolute_url appeared to be the main current project while no 
>> one has worked on it for years, etc. A few minutes later there was so 
>> little left that I simply rewrote the page.
>>
>> Generally speaking, I don't believe we'll ever manage to keep the wiki 
>> sufficiently accurate and up to date to make it useful. Last year I tried 
>> to look for spam links (with a script) and scrub them, but there were so 
>> many that I gave up. In my opinion, the viable alternative to our 
>> self-hosted wiki is called the World Wide Web :-)
>>
>> Feel free to restore and perhaps update the previous content. I believe 
>> it did more harm than good, but as long as it remains clear that you need 
>> to authenticate before you can file a ticket, we'll be all right!
>>
>> Hi Aymeric,
>
> Your reasoning makes sense - I can't argue that some of the content there 
> was a bit stale. However I think there's a middle ground - that particular 
> page is the landing page for people who want to contribute, so it needs a 
> bit more than a curt "get thyself a github account". 
>
> I'll work on improving what's there.
>
> Russ %-)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/7ee2ad46-f0db-4d5f-be70-83d2f1dabf80%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Russell Keith-Magee]

On Thu, Aug 14, 2014 at 7:20 PM, Aymeric Augustin <
aymeric.augustin.2...@polytechnique.org> wrote:

> Hi Russell,
>
> It seemed to me that this page wasn't nearly as good an introduction to
> contributing to Django as the contributing guide from the official docs, so
> I trimmed it and pointed to the docs instead.
>
> In fact, I started by removing incorrect or outdated information — for
> instance, the workflow described in the page dated back to the pre-git era,
> replacing get_absolute_url appeared to be the main current project while no
> one has worked on it for years, etc. A few minutes later there was so
> little left that I simply rewrote the page.
>
> Generally speaking, I don't believe we'll ever manage to keep the wiki
> sufficiently accurate and up to date to make it useful. Last year I tried
> to look for spam links (with a script) and scrub them, but there were so
> many that I gave up. In my opinion, the viable alternative to our
> self-hosted wiki is called the World Wide Web :-)
>
> Feel free to restore and perhaps update the previous content. I believe it
> did more harm than good, but as long as it remains clear that you need to
> authenticate before you can file a ticket, we'll be all right!
>
> Hi Aymeric,

Your reasoning makes sense - I can't argue that some of the content there
was a bit stale. However I think there's a middle ground - that particular
page is the landing page for people who want to contribute, so it needs a
bit more than a curt "get thyself a github account".

I'll work on improving what's there.

Russ %-)

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAJxq84-qGpJL6vS4YQgVj0ERkM_9zkPm9aQTriKehtWMhEi7pQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Danilo Bargen]

I just discovered this change (require Github for login) today and had a 
hard time finding this discussion. Maybe a link in the wiki would help?

While I agree with the decision to move on to Github Login (finally no more 
basic auth!) I'd like to have a way to merge my two accounts. Especially 
the ticket history and the notification settings. Right now there seems to 
be no way to turn off notification for tickets that are being tracked with 
the "old" account. While I use the same username (and AFAIR even e-mail) on 
both accounts, the accounts apparently haven't been merged.

Is there a way to merge accounts? Maybe by writing an e-mail to someone? 
And if yes, could we put that in the wiki?

Cheers
Danilo

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/aac1cac5-3b8f-4589-8c04-0d0acbce30ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Collin Anderson]

I was looking at the wiki page myself a few weeks ago an noticed it was 
horribly out of date. I might be nice to keep that page minimal (maybe just 
a few links to other pages) because normal users aren't allowed to edit it.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/a0109f88-237e-4ad8-abbb-f00144850bdc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

Hi Russell,

It seemed to me that this page wasn't nearly as good an introduction to 
contributing to Django as the contributing guide from the official docs, so I 
trimmed it and pointed to the docs instead.

In fact, I started by removing incorrect or outdated information — for 
instance, the workflow described in the page dated back to the pre-git era, 
replacing get_absolute_url appeared to be the main current project while no one 
has worked on it for years, etc. A few minutes later there was so little left 
that I simply rewrote the page.

Generally speaking, I don't believe we'll ever manage to keep the wiki 
sufficiently accurate and up to date to make it useful. Last year I tried to 
look for spam links (with a script) and scrub them, but there were so many that 
I gave up. In my opinion, the viable alternative to our self-hosted wiki is 
called the World Wide Web :-)

Feel free to restore and perhaps update the previous content. I believe it did 
more harm than good, but as long as it remains clear that you need to 
authenticate before you can file a ticket, we'll be all right!

-- 
Aymeric.

> Le 13 août 2014 à 01:21, Russell Keith-Magee  a 
> écrit :
> 
> Hi Aymeric,
> 
> I just noticed that the content on the wiki homepage has been massively 
> altered, replaced with a "please login with GitHub" text. Was this change 
> deliberate?
> 
> The wiki landing page is linked from the homepage as code.djangoproject.com, 
> and has always held a collection of useful information about what someone who 
> wants to contribute could do. As it currently stands, code.djangoproject.com 
> doesn't serve as a very inviting introduction to potential contributors. 
> Would you object to me restoring the older content, merging it with the 
> "please login with GitHub text"?
> 
> Russ %-)
> 
> 
> 
>> On Sun, Aug 10, 2014 at 5:36 PM, Aymeric Augustin 
>>  wrote:
>> Don't worry, I remapped permissions to GitHub usernames. Curtis, I 
>> lowercased your username, you should still have admin rights.
>> 
>> There were a few usernames I had never seen and couldn't identify. If you 
>> think you lost permissions, please get in touch privately.
>> 
>> As said earlier by Florian, it's always been possible to put any username 
>> when commenting anonymously, and that has never been an issue.
>> 
>> Trac accounts only store the username to save the need to type it every time 
>> (and notification preferences but we use django-updates instead).
>> 
>> The core dev highlighting hasn't been fixed yet, but it's just a cosmetic 
>> thing, it doesn't give any permissions.
>> 
>> --
>> Aymeric.
>> 
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-developers+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-developers@googlegroups.com.
>> Visit this group at http://groups.google.com/group/django-developers.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/5757E2E5-5496-4C59-A99E-87B5BC1AD276%40polytechnique.org.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/CAJxq8494XsVQXQb-fda%2BA_CV0fXRGt916KZ-AseTRGYcO9LiJA%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/C6A78494-09CB-4B21-A968-F818A35234A0%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Russell Keith-Magee]

Hi Aymeric,

I just noticed that the content on the wiki homepage has been massively
altered, replaced with a "please login with GitHub" text. Was this change
deliberate?

The wiki landing page is linked from the homepage as code.djangoproject.com,
and has always held a collection of useful information about what someone
who wants to contribute could do. As it currently stands,
code.djangoproject.com doesn't serve as a very inviting introduction to
potential contributors. Would you object to me restoring the older content,
merging it with the "please login with GitHub text"?

Russ %-)



On Sun, Aug 10, 2014 at 5:36 PM, Aymeric Augustin <
aymeric.augus...@polytechnique.org> wrote:

> Don't worry, I remapped permissions to GitHub usernames. Curtis, I
> lowercased your username, you should still have admin rights.
>
> There were a few usernames I had never seen and couldn't identify. If you
> think you lost permissions, please get in touch privately.
>
> As said earlier by Florian, it's always been possible to put any username
> when commenting anonymously, and that has never been an issue.
>
> Trac accounts only store the username to save the need to type it every
> time (and notification preferences but we use django-updates instead).
>
> The core dev highlighting hasn't been fixed yet, but it's just a cosmetic
> thing, it doesn't give any permissions.
>
> --
> Aymeric.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/5757E2E5-5496-4C59-A99E-87B5BC1AD276%40polytechnique.org
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAJxq8494XsVQXQb-fda%2BA_CV0fXRGt916KZ-AseTRGYcO9LiJA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Daniel Greenfeld]

On Sunday, August 10, 2014 2:37:01 AM UTC-7, Aymeric Augustin wrote:

 

Using GitHub for auth a giant +1 from me. 

For me, this ranks up with the SVN to Github move as a: "Why hasn't this 
been done already?"

Daniel Greenfeld
co-author Two Scoops of Django

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/c71e5f12-822f-45d9-9880-149ae1e79061%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Thorsten Sanders]

Am 09.08.2014 21:21, schrieb Aymeric Augustin:

I tried to support both Trac auth and GitHub auth but I couldn't make it work.

The argument that "I use GitHub but maybe someone else doesn't want to" came up 
a few times in this discussion. It seems to me that it's a theoretical concern about an 
issue that doesn't exist in practice. That's why I asked for evidence that GitHub auth is 
alienating valuable contributors; I haven't seen such evidence yet.

I think the discussion is on the wrong mailing list, I assume alot ppl 
here contribute active and use github anyway, but what is with the users 
who report bugs?
Myself I never used trac dont contribute code kinda only listening here 
to know about changes ahead of time, but if I would have found a bug and 
dont have github account, I wouldnt register on a 3rd site just to fill 
in a bug report on another site.
Personally I never register on a site which dont give me the  choice to 
register directly with that site, I dont like to share what sites I use, 
how often and at what times I login there with other sites.
Myself I use usually python-social-auth so ppl who prefer the oauth way 
have a wide variety to choose from and also a direct registration for 
ppl like me who prefer that way.







--
You received this message because you are subscribed to the Google Groups "Django 
developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/53E7492A.5080204%40gmx.net.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

Don't worry, I remapped permissions to GitHub usernames. Curtis, I lowercased 
your username, you should still have admin rights.

There were a few usernames I had never seen and couldn't identify. If you think 
you lost permissions, please get in touch privately.

As said earlier by Florian, it's always been possible to put any username when 
commenting anonymously, and that has never been an issue.

Trac accounts only store the username to save the need to type it every time 
(and notification preferences but we use django-updates instead).

The core dev highlighting hasn't been fixed yet, but it's just a cosmetic 
thing, it doesn't give any permissions.

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/5757E2E5-5496-4C59-A99E-87B5BC1AD276%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Curtis Maloney]

I ran into that exact problem when djangopackages changed... case mis-match
meant it took months before I had access again.


On 10 August 2014 09:35, Luke Granger-Brown  wrote:

> My only concern with this is the thing with the usernames, whereby some
> people don't use the same username on Trac as on GitHub, and that accounts
> are automatically munged together if they have the same username.
>
> As a demonstration, I found someone with the core developer tag on Trac
> (lukeplant) who didn't have a corresponding GitHub account (his is
> spookylukey), and created a GitHub account with that username and tried
> logging in to Trac. As expected, it just logged me into their Trac account.
>
> I'm not sure if this is a concern at all, but thought it was probably
> worth bringing up, or at least having some method for resolving it (some
> sort of horrific map between GitHub and Trac accounts?) It's probably
> slightly more concerning if there are people like that with greater
> privileges on Trac, which I don't believe is the case.
>
> Luke
>
>
> On Sun, Aug 10, 2014 at 12:13 AM, Wim Feijen  wrote:
>
>> Nice :)
>>
>>
>> On Saturday, 9 August 2014 21:22:07 UTC+2, Aymeric Augustin wrote:
>>
>>
>>> > Uhmm... but I see you moved forward and already did it?
>>>
>>> Yes, I did.
>>>
>>> --
>>> Aymeric.
>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-developers@googlegroups.com.
>> Visit this group at http://groups.google.com/group/django-developers.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/0dae599b-afcf-4a41-8c2b-75fead33754b%40googlegroups.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CALE3ZjWgUyBYmN22__Qr0ikj-0M8wo2KjgmJzPVyrwYQJ6gpPQ%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAG_XiSBtT0hB%3DAsiP8jvWsSgb6FNPxbTgEeWSVDV25q7pRnMGw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Luke Granger-Brown]

My only concern with this is the thing with the usernames, whereby some
people don't use the same username on Trac as on GitHub, and that accounts
are automatically munged together if they have the same username.

As a demonstration, I found someone with the core developer tag on Trac
(lukeplant) who didn't have a corresponding GitHub account (his is
spookylukey), and created a GitHub account with that username and tried
logging in to Trac. As expected, it just logged me into their Trac account.

I'm not sure if this is a concern at all, but thought it was probably worth
bringing up, or at least having some method for resolving it (some sort of
horrific map between GitHub and Trac accounts?) It's probably slightly more
concerning if there are people like that with greater privileges on Trac,
which I don't believe is the case.

Luke


On Sun, Aug 10, 2014 at 12:13 AM, Wim Feijen  wrote:

> Nice :)
>
>
> On Saturday, 9 August 2014 21:22:07 UTC+2, Aymeric Augustin wrote:
>
>
>> > Uhmm... but I see you moved forward and already did it?
>>
>> Yes, I did.
>>
>> --
>> Aymeric.
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/0dae599b-afcf-4a41-8c2b-75fead33754b%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CALE3ZjWgUyBYmN22__Qr0ikj-0M8wo2KjgmJzPVyrwYQJ6gpPQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Wim Feijen]

Nice :)

On Saturday, 9 August 2014 21:22:07 UTC+2, Aymeric Augustin wrote:
 

> > Uhmm... but I see you moved forward and already did it? 
>
> Yes, I did. 
>
> -- 
> Aymeric. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/0dae599b-afcf-4a41-8c2b-75fead33754b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

Hi Wim,

Thanks your your feedback.

On 9 août 2014, at 12:00, Wim Feijen  wrote:

> I am in favour of *adding* github as an authentication tool. We would benefit 
> immensily for making it easier for new people to log in and contribute. Would 
> it be possible to add that to Trac, so people who have moral constraints 
> against using github, could use the trac login?

I tried to support both Trac auth and GitHub auth but I couldn't make it work.

The argument that "I use GitHub but maybe someone else doesn't want to" came up 
a few times in this discussion. It seems to me that it's a theoretical concern 
about an issue that doesn't exist in practice. That's why I asked for evidence 
that GitHub auth is alienating valuable contributors; I haven't seen such 
evidence yet.

> In practice, almost all my contributions are made anonymous because that is 
> faster for me, and I would definitely benefit from having a github oath.

Good!

> Uhmm... but I see you moved forward and already did it?

Yes, I did.

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/3E7DDD6A-6D20-4735-9E15-0F76F20DD245%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Wim Feijen]

>
> Hi Aymeric,


Thanks for your proposal and your work on this! 

I am in favour of *adding* github as an authentication tool. We would 
benefit immensily for making it easier for new people to log in and 
contribute. Would it be possible to add that to Trac, so people who have 
moral constraints against using github, could use the trac login?

In practice, almost all my contributions are made anonymous because that is 
faster for me, and I would definitely benefit from having a github oauth.

Uhmm... but I see you moved forward and already did it?

Wim 

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/e166ce09-e5db-470e-8535-943977dd248e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Shai Berger]

On Saturday 09 August 2014 01:38:32 Curtis Maloney wrote:
> For what it's worth, I can understand the opposition to requiring a GH
> login [ostensibly a "coders" account] in order to make comments on tickets.
> 
> However, if you're opinionated on a ticket you're either a coder, or feel
> strongly enough to overcome such a [low] hurdle.
> 
> Still, options of more than just GH would dissipate this issue...

As Aymeric noted (but it might have been "hidden" by the whole argument), 
Github is currently implemented; other options are welcome, but someone needs 
to add them.

> those
> without GH, BB and Twtitter accounts would be few, I'm sure, and tools like
> python-oauth-toolkit give you many options easily.
> 

I, personally, had Google and StackExchange in mind. I will probably add them, 
if all goes well and nobody opposes it, within two weeks (I am currently on a 
family vacation with busy days and a flaky connection).

> Does this debate include removing the _existing_ auth?
> 

Having both auth's together is problematic (perhaps it can be done, but again, 
somebody needs to do it). At the moment, you cannot login with a 
djangoproject.com user.

Shai.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/201408090335.17664.shai%40platonix.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Curtis Maloney]

For what it's worth, I can understand the opposition to requiring a GH
login [ostensibly a "coders" account] in order to make comments on tickets.

However, if you're opinionated on a ticket you're either a coder, or feel
strongly enough to overcome such a [low] hurdle.

Still, options of more than just GH would dissipate this issue... those
without GH, BB and Twtitter accounts would be few, I'm sure, and tools like
python-oauth-toolkit give you many options easily.

Does this debate include removing the _existing_ auth?

--
C



On 8 August 2014 17:46, Aymeric Augustin  wrote:

> 2014-08-08 8:55 GMT+02:00 Ben Finney :
>
>> Aymeric Augustin
>> 
>> writes:
>>
>> > You're right. Then just remove "to submit pull requests" from my
>> > argument and it still holds, simply because the vast majority of the
>> > Django ecosystem is on GitHub, and you can't participate meaningfully
>> > without GitHub.
>>
>> You can, at present, participate in Django's bug tracker without a
>> GitHub account.
>>
>
> The "Django ecosystem" includes third-party apps, most of which
> use GitHub issues for bug tracking.
>
>
>> The bug tracker contributions don't count, then? You consider
>> participation in bug tracker discussions to be meaningless?
>
>
> Would you mind avoiding strawman arguments?
>
> --
> Aymeric.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CANE-7mUMrhB1L7ej%3DN1hE70CFV_EiwBG16bV6FSVCUnU6ZOgkw%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAG_XiSAwYNpBSn0XH17og4Bd0YStCMcGrz5e0MLGfHoe%3Ds6O8g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

2014-08-08 8:55 GMT+02:00 Ben Finney :

> Aymeric Augustin
> 
> writes:
>
> > You're right. Then just remove "to submit pull requests" from my
> > argument and it still holds, simply because the vast majority of the
> > Django ecosystem is on GitHub, and you can't participate meaningfully
> > without GitHub.
>
> You can, at present, participate in Django's bug tracker without a
> GitHub account.
>

The "Django ecosystem" includes third-party apps, most of which
use GitHub issues for bug tracking.


> The bug tracker contributions don't count, then? You consider
> participation in bug tracker discussions to be meaningless?


Would you mind avoiding strawman arguments?

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CANE-7mUMrhB1L7ej%3DN1hE70CFV_EiwBG16bV6FSVCUnU6ZOgkw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Anssi Kääriäinen]

On Fri, 2014-08-08 at 08:39 +0200, Aymeric Augustin wrote:



> You're right. Then just remove "to submit pull requests" from my
> argument
> and it still holds, simply because the vast majority of the Django
> ecosystem
> is on GitHub, and you can't participate meaningfully without GitHub.
> 
> 
> I could change my mind if you provided examples of prominent Django
> contributors who can't have a GitHub account for a good reason.
> 
The reason for unauthenticated Trac access was making it as easy as
possible for random Django developers to submit bug reports. The above
is very close to claiming that we care only about prominent Django
contributors which just isn't true.

For the record, +1 for requiring logins to use Trac (spam + ability to
impersonate core committers were both bad), and +0 for using GitHub for
logins. Having other OAuth providers would be even better.
 - Anssi


-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/1407484416.11410.130.camel%40TTY32.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Ben Finney]

Aymeric Augustin

writes:

> You're right. Then just remove "to submit pull requests" from my
> argument and it still holds, simply because the vast majority of the
> Django ecosystem is on GitHub, and you can't participate meaningfully
> without GitHub.

You can, at present, participate in Django's bug tracker without a
GitHub account.

The bug tracker contributions don't count, then? You consider
participation in bug tracker discussions to be meaningless?

-- 
 \ “For every complex problem, there is a solution that is simple, |
  `\   neat, and wrong.” —Henry L. Mencken |
_o__)  |
Ben Finney

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/85zjff8o84.fsf%40benfinney.id.au.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

2014-08-08 7:19 GMT+02:00 Shai Berger :

> On Friday 08 August 2014 01:49:55 Ben Finney wrote:
> > Aymeric Augustin  writes:
> > > GitHub doesn't require creating a new account, since anyone interested
> > > in contributing to Django should have a GitHub account already to
> > > submit pull requests.
> >
> > This seems to be a common assumption, but it's not true — unless you
> > only count VCS contributions.
> >
> Exactly. While I do care about the Free Software issues, my main concern
> with
> the Github account requirement is the message it seems to send: "If you're
> not
> going to contribute code, we're not interested in your bug reports". This
> sentiment is all but explicitly stated in Aymeric's words above.
>

You're right. Then just remove "to submit pull requests" from my argument
and it still holds, simply because the vast majority of the Django ecosystem
is on GitHub, and you can't participate meaningfully without GitHub.

I could change my mind if you provided examples of prominent Django
contributors who can't have a GitHub account for a good reason.

Even then I'm not sure that would beat the advantage of having the
occasional bug reporter arrive on Trac and think "hey, cool, I can login
to this bug tracker with GitHub".

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CANE-7mXtB8O8CGMV8XQTFJ_ctSRdT8v3qvLuKYbXdxD0t3H4nA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Shai Berger]

On Friday 08 August 2014 01:49:55 Ben Finney wrote:
> Aymeric Augustin  writes:
> > GitHub doesn't require creating a new account, since anyone interested
> > in contributing to Django should have a GitHub account already to
> > submit pull requests.
> 
> This seems to be a common assumption, but it's not true — unless you
> only count VCS contributions.
> 
Exactly. While I do care about the Free Software issues, my main concern with 
the Github account requirement is the message it seems to send: "If you're not 
going to contribute code, we're not interested in your bug reports". This 
sentiment is all but explicitly stated in Aymeric's words above.

Shai.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/201408080819.30799.shai%40platonix.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Ben Finney]

Aymeric Augustin

writes:

> GitHub doesn't require creating a new account, since anyone interested
> in contributing to Django should have a GitHub account already to
> submit pull requests.

This seems to be a common assumption, but it's not true — unless you
only count VCS contributions.

Are we not talking about contributors to Django's Trac instance, though?
There is currently no need to have a GitHub account to contribute there,
and you're proposing to require that.

> But don't ask me to keep deleting spam manually.

I don't want that to continue. I also don't want these two issues to be
tied together.

-- 
 \ “Facts are stubborn things; and whatever may be our wishes, our |
  `\   inclinations, or the dictates of our passion, they cannot alter |
_o__)the state of facts and evidence.” —John Adams, 1770-12-04 |
Ben Finney

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/85a97fap9o.fsf%40benfinney.id.au.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Donald Stufft]

> I'm sorry. Please accept my apologies and let me rephrase that without
> spam-fighting-induced frustration:
> 
> "Other than reducing spam, Django as a project will benefit from this
> change be freeing core dev time and energy currently used to delete
> spam manually and tweak a feeble anti-spam plugin. Core dev time
> and energy are often cited as bottlenecks in the Django development
> process."
> 
> Other advantages have been put forward; I won't rehash them.


+1

It would also enable us to unify access controls too I think? I think we could
just pull permissions from GitHub?

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/5A2D0897-B9FE-4043-A6DE-BB5D26507360%40stufft.io.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Andre Terra]

Hi, Aymeric,

Thank you for your e-mail. I sympathize with your frustration.

On Thu, Aug 7, 2014 at 3:27 PM, Aymeric Augustin <
aymeric.augus...@polytechnique.org> wrote:

> Indeed, but I’m dismissing this argument because GitHub is the
> pragmatic choice, whether you like it or not. Also, this reveals
> that your argumentation in favor of more planning was actually
> aimed at stalling the proposal.
>
> If you hate GitHub enough that you don’t want to use it, put your
> time where your mouth is and build a solution.
>
> But don’t ask me to keep deleting spam manually.
>

In fact, all of my code is hosted on GitHub. I don't dislike it
particularly, just wanted to make sure we were fully investigating the
alternatives.

About what Django could gain from this project, I think GitHub should at
least tweet that now developers who want to contribute to Django can login
with their GitHub account, and promote the project. I'd prefer a blog post,
but twitter is fine. It's a fair request given the non-negligible impact of
asking every newcomer to sign up to their service.


Cheers,
AT

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAKBiv3ztA5xN-s7Wk6jMzfdfeX5%2BBw0fbQhCdxsV0_CY%3DCDyyw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

Hi Andre,

On 7 août 2014, at 19:57, Andre Terra  wrote:
> On Thu, Aug 7, 2014 at 3:46 AM, Aymeric Augustin 
>  wrote:
> On 7 août 2014, at 02:58, Andre Terra  wrote:
> 
> > Most importantly, how would Django as a project benefit from this
> > choice other than reducing minimal spam?
> 
> Did you just ask "how would Django as a project benefit from having
> core devs work on committing patches rather than fighting spam"?
> 
> Did you just put on the worst attitude possible because someone asked
> an honest question?

I'm sorry. Please accept my apologies and let me rephrase that without
spam-fighting-induced frustration:

"Other than reducing spam, Django as a project will benefit from this
change be freeing core dev time and energy currently used to delete
spam manually and tweak a feeble anti-spam plugin. Core dev time
and energy are often cited as bottlenecks in the Django development
process."

Other advantages have been put forward; I won't rehash them.

> And, no, I asked what advantages are there for choosing GitHub other
> than the alternatives.

GitHub doesn't require creating a new account, since anyone interested
in contributing to Django should have a GitHub account already to
submit pull requests.

> As someone else aptly put it somewhere else in
> this thread, what if we decide we don't like GitHub anymore?

The same thing will happen as when we decided we didn't like
self-hosted SVN anymore: we'll migrate to the shiny new thing.

> I'm sorry, but ideas don't matter nearly as much as execution here.
> We just need working tools -- nothing fancy.
> 
> I am sorry, I was under the impression that this was a mailing list.
> I wasn't aware we were on a coding sprint.
> I would say execution doesn't matter nearly as much as planning.

When we had the discussions that led to Django's eventual move
from self-hosted SVN to GitHub, we kept planning and not executing
until Adrian bit the bullet and Just Fucking Did It. In hindsight it's
generally accepted as a good idea. That's why I believe that, when
tooling is concerned (as opposed to code), endless planning is
inefficient.

> Many others before and after me have expressed a desire to
> not have GitHub as a hard requirement.

Indeed, but I'm dismissing this argument because GitHub is the
pragmatic choice, whether you like it or not. Also, this reveals
that your argumentation in favor of more planning was actually
aimed at stalling the proposal.

If you hate GitHub enough that you don't want to use it, put your
time where your mouth is and build a solution.

But don't ask me to keep deleting spam manually.

-- 
Aymeric.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/EFF6241C-C9C0-4689-9B4C-676D1754AF9D%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Andre Terra]

On Thu, Aug 7, 2014 at 3:46 AM, Aymeric Augustin <
aymeric.augus...@polytechnique.org> wrote:

> On 7 août 2014, at 02:58, Andre Terra  wrote:
>
> > Most importantly, how would Django as a project benefit from this
> > choice other than reducing minimal spam?
>
> Did you just ask “how would Django as a project benefit from having
> core devs work on committing patches rather than fighting spam”?
>

Did you just put on the worst attitude possible because someone asked an
honest question?

And, no, I asked what advantages are there for choosing GitHub other than
the alternatives. As someone else aptly put it somewhere else in this
thread, what if we decide we don't like GitHub anymore?

If you don’t already have a djangoproject.com account, you’re likely to
> give up on reporting a small bug just because it’s too complicated to
> log in. Considering our target demographic, GitHub OAuth would
> eliminate this problem.
>
> Also, if you’re trying to report a bug anonymously, you’re likely to be
> unable to pass the CAPTCHA, and also be unable to report it, because
> you’re still getting blocked by the CAPTCHA. See complaints:
> https://code.djangoproject.com/search?q=captcha=1=on
>
> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
> beginners than grumpy freedom extremists who refuse to use GitHub.
>
> > A better solution would be to strengthen what it means to have an
> identity
> > on djangoproject.com. Rather than restricting user actions to Trac, we
> > could motivate users to create something like a Django profile which
> would
> > be used for Trac (among may other uses)
>
> We already have that: https://www.djangoproject.com/~aaugustin/


Yes, I am well aware. Hence my use of the word "strengthen".

> and could later be linked to any OAuth providers, including but not
> limited
> > to GitHub.
>
> We don’t have that.
>
> > TL;DR Identity on djangoproject.com, Authentication linked to multiple
> OAuth,
> > Authorization in Trac.
>
> Are you volunteering to do this work, and if so, when will it be done?
>
> > I hope that idea makes sense. I may be just babbling nonsense.
>
>
> I’m sorry, but ideas don’t matter nearly as much as execution here.
> We just need working tools — nothing fancy.


I am sorry, I was under the impression that this was a mailing list. I
wasn't aware we were on a coding sprint.

I would say execution doesn't matter nearly as much as planning.

I think it's common sense to establish a long term path before we taking
the first step. Perhaps GitHub OAuth is a good solution for the spam
problem, but on the other hand it may not be the ideal solution for Django
as a community and project. Many others before and after me have expressed
a desire to not have GitHub as a hard requirement. Are we more adamant
about not adding code to contrib or using X or Y javascript framework than
we are about adding GitHub as a requirement to the project?

The ad hominem attacks and harsh attitude definitely do not make an
inviting atmosphere for new and old contributors alike. Consider rethinking
that.


--
AT

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAKBiv3yJejuTe%2B%2Bz3JHFNqzv3c3x-Am-WViND9hEM5W_BZnX%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Chris Foresman]

+1 on GitHub OAuth. I've avoided filling or commenting on bugs because 
setting up Yet Another Account was enough friction that I never did it.


On Thursday, August 7, 2014 2:21:06 AM UTC-5, Erik Romijn wrote:
>
>
> Using GitHub makes sense as it's very likely a new contributor already 
> has a GitHub account (and if not, creating an account is useful for 
> much more than just Django), and many actions of contributing to Django 
> already tie closely to GitHub - even though you can still avoid it if 
> you really insist. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/85189601-fdf8-412b-8a61-d061bf4e1472%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Daniele Procida]

On Thu, Aug 7, 2014, Schmitt, Christian  wrote:

>Currently we already live in a world were everything gets connected. And
>that is really awful. One must consider that Github is definitely a target
>for intelligence agencies. And I don't mean the NSA only.
>Maybe I'm a little bit too paranoid but at the current state of the
>internet we shouldn't try to connect everything, just it is easier to login.

The purpose isn't to make it easier to login - it's to make it harder for 
people to flood Trac with spam. Maintaining that is a real pain in the neck. 

This isn't just about convenience, it's about a significant quantity of work 
just to clean up other people's abuse and to keep the system reasonably clean.

If someone has the time and energy to keep Trac free of spam, that would be a 
solution - but I'd prefer to find a solution that didn't waste valuable human 
time and energy.

Daniele

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/20140807125600.987319572%40mail.wservices.ch.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Tom Christie]

Absolutely +1.

Clearly the most pragmatic choice.

On Thursday, 7 August 2014 13:43:45 UTC+1, Josh Smeaton wrote:
>
> I don't think "vendor lock in" is a good enough reason to avoid it. If 
> GitHub were to go away, the move to a new code platform would be the 
> greater problem. Also, nothing will be "lost". The old usernames will still 
> be there, they just won't be properly linked to your github username. I 
> don't think that's really a major concern either.
>
> > Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic 
> > beginners than grumpy freedom extremists who refuse to use GitHub.
>
> +1
>
> On Thursday, 7 August 2014 16:49:00 UTC+10, Christian Schmitt wrote:
>>
>> I'm a little bit concerned about that.
>> First I'm using a different user on Trac than on Github, so everything I 
>> wrote so far will getting lost (not that bad problem for me), but I think 
>> there are many users who are in the same situation.
>>
>> The next thing is vendor lock-in. What will happen if Github don't have 
>> enough money? Then all usernames would need to migrate back or to another 
>> OAuth provider, then everything could be lost a second time.
>> Or that Github gets bad / mad.
>>
>> Currently we already live in a world were everything gets connected. And 
>> that is really awful. One must consider that Github is definitely a target 
>> for intelligence agencies. And I don't mean the NSA only. 
>> Maybe I'm a little bit too paranoid but at the current state of the 
>> internet we shouldn't try to connect everything, just it is easier to login.
>>
>>
>>
>>
>> 2014-08-07 8:46 GMT+02:00 Aymeric Augustin > >:
>>
>>> To be clear, I have a working implementation of GitHub OAuth that I can
>>> activate as soon as we reach a consensus.
>>>
>>>
>>>
>>> On 7 août 2014, at 02:43, Ben Finney  wrote:
>>>
>>> > −1. I am happy to agree to Django's BTS terms of use, not GitHub's.
>>> > Please don't make the former depend on the latter.
>>>
>>> I didn’t know our Trac installation had terms of use. So, are you
>>> volunteering to jump in and delete spam as it comes in? Or do you
>>> have an alternative proposal?
>>>
>>>
>>>
>>> On 7 août 2014, at 02:47, Shai Berger  wrote:
>>>
>>> > Today, it is possible to contribute to the Django project without a
>>> > Github account. I would like this to remain the case.
>>>
>>> This is possible but in a limited capacity. To be honest, I think that
>>> ship sailed when we moved to GitHub. We would have also moved
>>> issues there if GitHub’s tools were usable.
>>>
>>>
>>>
>>> On 7 août 2014, at 02:58, Andre Terra  wrote:
>>>
>>> > Most importantly, how would Django as a project benefit from this
>>> > choice other than reducing minimal spam?
>>>
>>> Did you just ask “how would Django as a project benefit from having
>>> core devs work on committing patches rather than fighting spam”?
>>>
>>> If you don’t already have a djangoproject.com account, you’re likely to
>>> give up on reporting a small bug just because it’s too complicated to
>>> log in. Considering our target demographic, GitHub OAuth would
>>> eliminate this problem.
>>>
>>> Also, if you’re trying to report a bug anonymously, you’re likely to be
>>> unable to pass the CAPTCHA, and also be unable to report it, because
>>> you’re still getting blocked by the CAPTCHA. See complaints:
>>> https://code.djangoproject.com/search?q=captcha=1=on
>>>
>>> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
>>> beginners than grumpy freedom extremists who refuse to use GitHub.
>>>
>>> > A better solution would be to strengthen what it means to have an 
>>> identity
>>> > on djangoproject.com. Rather than restricting user actions to Trac, we
>>> > could motivate users to create something like a Django profile which 
>>> would
>>> > be used for Trac (among may other uses)
>>>
>>> We already have that: https://www.djangoproject.com/~aaugustin/
>>>
>>> > and could later be linked to any OAuth providers, including but not 
>>> limited
>>> > to GitHub.
>>>
>>> We don’t have that.
>>>
>>> > TL;DR Identity on djangoproject.com, Authentication linked to 
>>> multiple OAuth,
>>> > Authorization in Trac.
>>>
>>> Are you volunteering to do this work, and if so, when will it be done?
>>>
>>> > I hope that idea makes sense. I may be just babbling nonsense.
>>>
>>>
>>> I’m sorry, but ideas don’t matter nearly as much as execution here.
>>> We just need working tools — nothing fancy.
>>>
>>>
>>>
>>> On 7 août 2014, at 02:59, Josh Smeaton  wrote:
>>>
>>> > is it easy enough to support github oauth + the current trac auth 
>>> concurrently?
>>> > If a user chooses to go through the harder path, that's fine.
>>>
>>> It may be doable to provide two authentications endpoints, like /login 
>>> and
>>> /login/github. Trac just looks at REMOTE_USER and creates a session that
>>> lasts until you logout. I’ll look 

Re: Requiring GitHub login for actions on Trac

[Josh Smeaton]

I don't think "vendor lock in" is a good enough reason to avoid it. If 
GitHub were to go away, the move to a new code platform would be the 
greater problem. Also, nothing will be "lost". The old usernames will still 
be there, they just won't be properly linked to your github username. I 
don't think that's really a major concern either.

> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic 
> beginners than grumpy freedom extremists who refuse to use GitHub.

+1

On Thursday, 7 August 2014 16:49:00 UTC+10, Christian Schmitt wrote:
>
> I'm a little bit concerned about that.
> First I'm using a different user on Trac than on Github, so everything I 
> wrote so far will getting lost (not that bad problem for me), but I think 
> there are many users who are in the same situation.
>
> The next thing is vendor lock-in. What will happen if Github don't have 
> enough money? Then all usernames would need to migrate back or to another 
> OAuth provider, then everything could be lost a second time.
> Or that Github gets bad / mad.
>
> Currently we already live in a world were everything gets connected. And 
> that is really awful. One must consider that Github is definitely a target 
> for intelligence agencies. And I don't mean the NSA only. 
> Maybe I'm a little bit too paranoid but at the current state of the 
> internet we shouldn't try to connect everything, just it is easier to login.
>
>
>
>
> 2014-08-07 8:46 GMT+02:00 Aymeric Augustin  >:
>
>> To be clear, I have a working implementation of GitHub OAuth that I can
>> activate as soon as we reach a consensus.
>>
>>
>>
>> On 7 août 2014, at 02:43, Ben Finney > > wrote:
>>
>> > −1. I am happy to agree to Django's BTS terms of use, not GitHub's.
>> > Please don't make the former depend on the latter.
>>
>> I didn’t know our Trac installation had terms of use. So, are you
>> volunteering to jump in and delete spam as it comes in? Or do you
>> have an alternative proposal?
>>
>>
>>
>> On 7 août 2014, at 02:47, Shai Berger  
>> wrote:
>>
>> > Today, it is possible to contribute to the Django project without a
>> > Github account. I would like this to remain the case.
>>
>> This is possible but in a limited capacity. To be honest, I think that
>> ship sailed when we moved to GitHub. We would have also moved
>> issues there if GitHub’s tools were usable.
>>
>>
>>
>> On 7 août 2014, at 02:58, Andre Terra  
>> wrote:
>>
>> > Most importantly, how would Django as a project benefit from this
>> > choice other than reducing minimal spam?
>>
>> Did you just ask “how would Django as a project benefit from having
>> core devs work on committing patches rather than fighting spam”?
>>
>> If you don’t already have a djangoproject.com account, you’re likely to
>> give up on reporting a small bug just because it’s too complicated to
>> log in. Considering our target demographic, GitHub OAuth would
>> eliminate this problem.
>>
>> Also, if you’re trying to report a bug anonymously, you’re likely to be
>> unable to pass the CAPTCHA, and also be unable to report it, because
>> you’re still getting blocked by the CAPTCHA. See complaints:
>> https://code.djangoproject.com/search?q=captcha=1=on
>>
>> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
>> beginners than grumpy freedom extremists who refuse to use GitHub.
>>
>> > A better solution would be to strengthen what it means to have an 
>> identity
>> > on djangoproject.com. Rather than restricting user actions to Trac, we
>> > could motivate users to create something like a Django profile which 
>> would
>> > be used for Trac (among may other uses)
>>
>> We already have that: https://www.djangoproject.com/~aaugustin/
>>
>> > and could later be linked to any OAuth providers, including but not 
>> limited
>> > to GitHub.
>>
>> We don’t have that.
>>
>> > TL;DR Identity on djangoproject.com, Authentication linked to multiple 
>> OAuth,
>> > Authorization in Trac.
>>
>> Are you volunteering to do this work, and if so, when will it be done?
>>
>> > I hope that idea makes sense. I may be just babbling nonsense.
>>
>>
>> I’m sorry, but ideas don’t matter nearly as much as execution here.
>> We just need working tools — nothing fancy.
>>
>>
>>
>> On 7 août 2014, at 02:59, Josh Smeaton  
>> wrote:
>>
>> > is it easy enough to support github oauth + the current trac auth 
>> concurrently?
>> > If a user chooses to go through the harder path, that's fine.
>>
>> It may be doable to provide two authentications endpoints, like /login and
>> /login/github. Trac just looks at REMOTE_USER and creates a session that
>> lasts until you logout. I’ll look into it.
>>
>> That solves the “GitHub is evil, I don’t want to touch their bytes with a 
>> six
>> foot pole” problem, but only half of the username mismatch problem. You
>> can keep using your djangoproject.com username is you 

Re: Requiring GitHub login for actions on Trac

[Erik Romijn]

Thank you for working on this, Aymeric. I am definitely +1 on moving to 
GitHub as sole authentication provider for trac.

We could argue about this forever. In the mean time the spam will pile
up, core developers will have to spend time deleting all of it, and
eventually we'd come to a plan which will never be executed because
nobody has enough time to build the convoluted end result.

Using GitHub makes sense as it's very likely a new contributor already
has a GitHub account (and if not, creating an account is useful for
much more than just Django), and many actions of contributing to Django
already tie closely to GitHub - even though you can still avoid it if
you really insist.

I have no strong feelings about having trac and GitHub authentication
both available. If we can make it work, it makes sense to allow it, but
I can see your point regarding technical issues that may have.

Most of all, let's be pragmatic about it and stop the spam, with the
added benefit of lowering the boundary for new contributors.

Erik

On 07 Aug 2014, at 08:46, Aymeric Augustin  
wrote:

> To be clear, I have a working implementation of GitHub OAuth that I can
> activate as soon as we reach a consensus.
> 
> 
> 
> On 7 août 2014, at 02:43, Ben Finney  wrote:
> 
>> −1. I am happy to agree to Django's BTS terms of use, not GitHub's.
>> Please don't make the former depend on the latter.
> 
> I didn’t know our Trac installation had terms of use. So, are you
> volunteering to jump in and delete spam as it comes in? Or do you
> have an alternative proposal?
> 
> 
> 
> On 7 août 2014, at 02:47, Shai Berger  wrote:
> 
>> Today, it is possible to contribute to the Django project without a 
>> Github account. I would like this to remain the case.
> 
> This is possible but in a limited capacity. To be honest, I think that
> ship sailed when we moved to GitHub. We would have also moved
> issues there if GitHub’s tools were usable.
> 
> 
> 
> On 7 août 2014, at 02:58, Andre Terra  wrote:
> 
>> Most importantly, how would Django as a project benefit from this
>> choice other than reducing minimal spam?
> 
> Did you just ask “how would Django as a project benefit from having
> core devs work on committing patches rather than fighting spam”?
> 
> If you don’t already have a djangoproject.com account, you’re likely to
> give up on reporting a small bug just because it’s too complicated to
> log in. Considering our target demographic, GitHub OAuth would
> eliminate this problem.
> 
> Also, if you’re trying to report a bug anonymously, you’re likely to be
> unable to pass the CAPTCHA, and also be unable to report it, because
> you’re still getting blocked by the CAPTCHA. See complaints:
> https://code.djangoproject.com/search?q=captcha=1=on
> 
> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
> beginners than grumpy freedom extremists who refuse to use GitHub.
> 
>> A better solution would be to strengthen what it means to have an identity
>> on djangoproject.com. Rather than restricting user actions to Trac, we
>> could motivate users to create something like a Django profile which would
>> be used for Trac (among may other uses)
> 
> We already have that: https://www.djangoproject.com/~aaugustin/
> 
>> and could later be linked to any OAuth providers, including but not limited
>> to GitHub.
> 
> We don’t have that.
> 
>> TL;DR Identity on djangoproject.com, Authentication linked to multiple OAuth,
>> Authorization in Trac.
> 
> Are you volunteering to do this work, and if so, when will it be done?
> 
>> I hope that idea makes sense. I may be just babbling nonsense.
> 
> 
> I’m sorry, but ideas don’t matter nearly as much as execution here.
> We just need working tools — nothing fancy.
> 
> 
> 
> On 7 août 2014, at 02:59, Josh Smeaton  wrote:
> 
>> is it easy enough to support github oauth + the current trac auth 
>> concurrently?
>> If a user chooses to go through the harder path, that's fine.
> 
> It may be doable to provide two authentications endpoints, like /login and
> /login/github. Trac just looks at REMOTE_USER and creates a session that
> lasts until you logout. I’ll look into it.
> 
> That solves the “GitHub is evil, I don’t want to touch their bytes with a six
> foot pole” problem, but only half of the username mismatch problem. You
> can keep using your djangoproject.com username is you wish, but if
> someone else owns the same username on GitHub, they can impersonate
> you e.g. https://github.com/shai / https://www.djangoproject.com/~shai/.
> 
> That said, if you aren’t logged in, you can type anything you want in Trac's
> “Your username or email” field. It provides identification, not 
> authentication.
> This has never been a problem in the past. So I don’t think we’ll run into
> too much trouble with usernames in general.
> 
> The only part where Trac usernames are used for 

Re: Requiring GitHub login for actions on Trac

[Schmitt, Christian]

I'm a little bit concerned about that.
First I'm using a different user on Trac than on Github, so everything I
wrote so far will getting lost (not that bad problem for me), but I think
there are many users who are in the same situation.

The next thing is vendor lock-in. What will happen if Github don't have
enough money? Then all usernames would need to migrate back or to another
OAuth provider, then everything could be lost a second time.
Or that Github gets bad / mad.

Currently we already live in a world were everything gets connected. And
that is really awful. One must consider that Github is definitely a target
for intelligence agencies. And I don't mean the NSA only.
Maybe I'm a little bit too paranoid but at the current state of the
internet we shouldn't try to connect everything, just it is easier to login.




2014-08-07 8:46 GMT+02:00 Aymeric Augustin <
aymeric.augus...@polytechnique.org>:

> To be clear, I have a working implementation of GitHub OAuth that I can
> activate as soon as we reach a consensus.
>
>
>
> On 7 août 2014, at 02:43, Ben Finney  wrote:
>
> > −1. I am happy to agree to Django's BTS terms of use, not GitHub's.
> > Please don't make the former depend on the latter.
>
> I didn’t know our Trac installation had terms of use. So, are you
> volunteering to jump in and delete spam as it comes in? Or do you
> have an alternative proposal?
>
>
>
> On 7 août 2014, at 02:47, Shai Berger  wrote:
>
> > Today, it is possible to contribute to the Django project without a
> > Github account. I would like this to remain the case.
>
> This is possible but in a limited capacity. To be honest, I think that
> ship sailed when we moved to GitHub. We would have also moved
> issues there if GitHub’s tools were usable.
>
>
>
> On 7 août 2014, at 02:58, Andre Terra  wrote:
>
> > Most importantly, how would Django as a project benefit from this
> > choice other than reducing minimal spam?
>
> Did you just ask “how would Django as a project benefit from having
> core devs work on committing patches rather than fighting spam”?
>
> If you don’t already have a djangoproject.com account, you’re likely to
> give up on reporting a small bug just because it’s too complicated to
> log in. Considering our target demographic, GitHub OAuth would
> eliminate this problem.
>
> Also, if you’re trying to report a bug anonymously, you’re likely to be
> unable to pass the CAPTCHA, and also be unable to report it, because
> you’re still getting blocked by the CAPTCHA. See complaints:
> https://code.djangoproject.com/search?q=captcha=1=on
>
> Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
> beginners than grumpy freedom extremists who refuse to use GitHub.
>
> > A better solution would be to strengthen what it means to have an
> identity
> > on djangoproject.com. Rather than restricting user actions to Trac, we
> > could motivate users to create something like a Django profile which
> would
> > be used for Trac (among may other uses)
>
> We already have that: https://www.djangoproject.com/~aaugustin/
>
> > and could later be linked to any OAuth providers, including but not
> limited
> > to GitHub.
>
> We don’t have that.
>
> > TL;DR Identity on djangoproject.com, Authentication linked to multiple
> OAuth,
> > Authorization in Trac.
>
> Are you volunteering to do this work, and if so, when will it be done?
>
> > I hope that idea makes sense. I may be just babbling nonsense.
>
>
> I’m sorry, but ideas don’t matter nearly as much as execution here.
> We just need working tools — nothing fancy.
>
>
>
> On 7 août 2014, at 02:59, Josh Smeaton  wrote:
>
> > is it easy enough to support github oauth + the current trac auth
> concurrently?
> > If a user chooses to go through the harder path, that's fine.
>
> It may be doable to provide two authentications endpoints, like /login and
> /login/github. Trac just looks at REMOTE_USER and creates a session that
> lasts until you logout. I’ll look into it.
>
> That solves the “GitHub is evil, I don’t want to touch their bytes with a
> six
> foot pole” problem, but only half of the username mismatch problem. You
> can keep using your djangoproject.com username is you wish, but if
> someone else owns the same username on GitHub, they can impersonate
> you e.g. https://github.com/shai / https://www.djangoproject.com/~shai/.
>
> That said, if you aren’t logged in, you can type anything you want in
> Trac's
> “Your username or email” field. It provides identification, not
> authentication.
> This has never been a problem in the past. So I don’t think we’ll run into
> too much trouble with usernames in general.
>
> The only part where Trac usernames are used for authentication is access
> control, which only applies to people who have special permissions.
>
> --
> Aymeric.
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django 

Re: Requiring GitHub login for actions on Trac

[Aymeric Augustin]

To be clear, I have a working implementation of GitHub OAuth that I can
activate as soon as we reach a consensus.



On 7 août 2014, at 02:43, Ben Finney  wrote:

> −1. I am happy to agree to Django's BTS terms of use, not GitHub's.
> Please don't make the former depend on the latter.

I didn’t know our Trac installation had terms of use. So, are you
volunteering to jump in and delete spam as it comes in? Or do you
have an alternative proposal?



On 7 août 2014, at 02:47, Shai Berger  wrote:

> Today, it is possible to contribute to the Django project without a 
> Github account. I would like this to remain the case.

This is possible but in a limited capacity. To be honest, I think that
ship sailed when we moved to GitHub. We would have also moved
issues there if GitHub’s tools were usable.



On 7 août 2014, at 02:58, Andre Terra  wrote:

> Most importantly, how would Django as a project benefit from this
> choice other than reducing minimal spam?

Did you just ask “how would Django as a project benefit from having
core devs work on committing patches rather than fighting spam”?

If you don’t already have a djangoproject.com account, you’re likely to
give up on reporting a small bug just because it’s too complicated to
log in. Considering our target demographic, GitHub OAuth would
eliminate this problem.

Also, if you’re trying to report a bug anonymously, you’re likely to be
unable to pass the CAPTCHA, and also be unable to report it, because
you’re still getting blocked by the CAPTCHA. See complaints:
https://code.djangoproject.com/search?q=captcha=1=on

Finally, to be honest, I’d rather adjust Django’s tools to enthusiastic
beginners than grumpy freedom extremists who refuse to use GitHub.

> A better solution would be to strengthen what it means to have an identity
> on djangoproject.com. Rather than restricting user actions to Trac, we
> could motivate users to create something like a Django profile which would
> be used for Trac (among may other uses)

We already have that: https://www.djangoproject.com/~aaugustin/

> and could later be linked to any OAuth providers, including but not limited
> to GitHub.

We don’t have that.

> TL;DR Identity on djangoproject.com, Authentication linked to multiple OAuth,
> Authorization in Trac.

Are you volunteering to do this work, and if so, when will it be done?

> I hope that idea makes sense. I may be just babbling nonsense.


I’m sorry, but ideas don’t matter nearly as much as execution here.
We just need working tools — nothing fancy.



On 7 août 2014, at 02:59, Josh Smeaton  wrote:

> is it easy enough to support github oauth + the current trac auth 
> concurrently?
> If a user chooses to go through the harder path, that's fine.

It may be doable to provide two authentications endpoints, like /login and
/login/github. Trac just looks at REMOTE_USER and creates a session that
lasts until you logout. I’ll look into it.

That solves the “GitHub is evil, I don’t want to touch their bytes with a six
foot pole” problem, but only half of the username mismatch problem. You
can keep using your djangoproject.com username is you wish, but if
someone else owns the same username on GitHub, they can impersonate
you e.g. https://github.com/shai / https://www.djangoproject.com/~shai/.

That said, if you aren’t logged in, you can type anything you want in Trac's
“Your username or email” field. It provides identification, not authentication.
This has never been a problem in the past. So I don’t think we’ll run into
too much trouble with usernames in general.

The only part where Trac usernames are used for authentication is access
control, which only applies to people who have special permissions.

-- 
Aymeric.




-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/53B41C22-FAB6-49A9-9284-5BCCFC4D28BD%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Michael Manfre]

On Wed, Aug 6, 2014 at 8:59 PM, Josh Smeaton  wrote:

> In that case, is it easy enough to support github oauth + the current trac
> auth concurrently? If a user chooses to go through the harder path, that's
> fine.
>
> I like the idea of using github oauth. Password managers usually have a
> miserable time supporting HTTP basic auth.
>

I've made many comments without logging in because LastPass doesn't seem to
work with basic auth and having to manually copy & paste credentials is too
much of a hassle to bother with.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAGdCwBv8Sha2ozJ9ytmvT%3DHmdY8eY2N13AM9gmQqcRrwoMxnhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Ben Finney]

Alex Gaynor 
writes:

> For new users, being able to reuse existing authentication credentials
> is a considerable step up

Agreed. This is an argument to allow OAuth login.

It is not an argument to privilege any OAuth provider over others, or
any OAuth provider over no provider at all.

> I regularly give up on filing bug reports against other OSS projects
> because I'm frankly too tired to register for
> yet-another-JIRA-instance.

Likewise, I regularly give up because too much dependence is given to
Facebook, or GitHub, or etc. etc. etc.

Please don't make a new user's use of one service depend on them having
agreed to a specific unrelated corporation's terms of use.

They should be free to join whether or not they are a user of GitHub or
Facebook or Twitter or JoesOwnProvider or none of the above.

-- 
 \“If I melt dry ice, can I swim without getting wet?” —Steven |
  `\Wright |
_o__)  |
Ben Finney

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/85tx5p9jtb.fsf%40benfinney.id.au.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Alex Gaynor]

+1 for Github.

Here's why: You're all focused on existing users. For new users, being able
to reuse existing authentication credentials is a considerable step up, I
regularly give up on filing bug reports against other OSS projects because
I'm frankly too tired to register for yet-another-JIRA-instance.

Alex


On Wed, Aug 6, 2014 at 5:58 PM, Andre Terra  wrote:

>
> On Wed, Aug 6, 2014 at 9:47 PM, Shai Berger  wrote:
>
>> Today, it is possible to contribute to the Django project without a
>> Github account. I would like this to remain the case.
>>
>
> This is the most important argument for the -0. In fact, as a seldom code
> contributor but long time user and commenter on trac tickets, if I had to
> vote, I would actually -1 on the basis of not wanting to give that blessing
> to GitHub on an exclusive basis. If were are considering other OAuth
> providers, "now is better than ever" lest GitHub take over as a de facto
> standard that may never be overcome.
>
> Most importantly, how would Django as a project benefit from this choice
> other than reducing minimal spam?
>
> A better solution would be to strengthen what it means to have an identity
> on djangoproject.com. Rather than restricting user actions to Trac, we
> could motivate users to create something like a Django profile which would
> be used for Trac (among may other uses) and could later be linked to any
> OAuth providers, including but not limited to GitHub.
>
> TL;DR Identity on djangoproject.com, Authentication linked to multiple
> OAuth, Authorization in Trac.
>
> I hope that idea makes sense. I may be just babbling nonsense.
>
>
> Cheers,
> AT
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAKBiv3xybw0b26tamFS%2BMDuPPF8Ce5L7bqza6k08a2_u2eeMcg%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAFRnB2V7MpQQrqzFp-_DOdcAzeRU%3DD_RdVy6ur02SBZWfVYYrw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Josh Smeaton]

In that case, is it easy enough to support github oauth + the current trac 
auth concurrently? If a user chooses to go through the harder path, that's 
fine.

I like the idea of using github oauth. Password managers usually have a 
miserable time supporting HTTP basic auth.

On Thursday, 7 August 2014 10:44:08 UTC+10, Ben Finney wrote:
>
> Aymeric Augustin 
>  
> writes: 
>
> > In order to fix the spam problem while maintaining an easy workflow, 
> > I'm proposing to require GitHub auth for all "write" operations: 
> > creating a ticket, adding a comment, etc. Most people interested in 
> > Trac should have a GitHub account already. 
>
> −1. I am happy to agree to Django's BTS terms of use, not GitHub's. 
> Please don't make the former depend on the latter. 
>
> -- 
>  \  “Isn't it enough to see that a garden is beautiful without | 
>   `\  having to believe that there are fairies at the bottom of it | 
> _o__) too?” —Douglas Adams | 
> Ben Finney 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/c56a5824-da8a-4b2a-9682-0f4a49aaa1f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Andre Terra]

On Wed, Aug 6, 2014 at 9:47 PM, Shai Berger  wrote:

> Today, it is possible to contribute to the Django project without a
> Github account. I would like this to remain the case.
>

This is the most important argument for the -0. In fact, as a seldom code
contributor but long time user and commenter on trac tickets, if I had to
vote, I would actually -1 on the basis of not wanting to give that blessing
to GitHub on an exclusive basis. If were are considering other OAuth
providers, "now is better than ever" lest GitHub take over as a de facto
standard that may never be overcome.

Most importantly, how would Django as a project benefit from this choice
other than reducing minimal spam?

A better solution would be to strengthen what it means to have an identity
on djangoproject.com. Rather than restricting user actions to Trac, we
could motivate users to create something like a Django profile which would
be used for Trac (among may other uses) and could later be linked to any
OAuth providers, including but not limited to GitHub.

TL;DR Identity on djangoproject.com, Authentication linked to multiple
OAuth, Authorization in Trac.

I hope that idea makes sense. I may be just babbling nonsense.


Cheers,
AT

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAKBiv3xybw0b26tamFS%2BMDuPPF8Ce5L7bqza6k08a2_u2eeMcg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Shai Berger]

Hi,

> On 08/06/2014 03:30 PM, Tim Graham wrote:
> > I proposed the idea a couple months ago and got several +1's. The main
> > concern was from Shai, "not quite -1, but a strong -0 on "blessing" any
> > single oAuth provider. GitHub is fine, but so are Google, StackExchange,
> > and even the Evil Empires(TM)."

I still hold this position. 

On Thursday 07 August 2014 00:35:11 Carl Meyer wrote:
> I don't see a problem with supporting only GitHub OAuth in this case.
> Django is hosted on GitHub, and any code contribution (which is
> ultimately what Trac is all about) will happen via GitHub

I disagree twice. We use Trac for a Wiki, not just for issue tracking, and 
many contributions on Trac are not code contributions (even though they are 
ultimately about code). Further, we still accept patches as attachments to 
tickets. Today, it is possible to contribute to the Django project without a 
Github account. I would like this to remain the case.

> > On Wednesday, August 6, 2014 5:18:38 PM UTC-4, Aymeric Augustin wrote:
> > 
> > If you’re subscribed to django-updates, you may have noticed that
> > some spam is getting through since a few days. This is a negligible
> > percentage of the amount of spam our defenses are fending off (about
> > 4000 / day) but it’s annoying.
> > 

Agreed. Something needs to be done.

> > The main downside is that we’re switching to a different set of
> > usernames. If a person doesn’t have the same username on Trac and on
> > GitHub, comments made before and after the switch will appear under
> > different names. However, we already have that problem when people
> > forget to login and it isn’t that bad. We’ll also have to audit
> > usernames of the fifty people who have admin permissions.
> > 

Due diligence: I am one of those users whose name on Trac is not the same as 
on Github. Consider me biased :-)

Shai.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/201408070347.45500.shai%40platonix.com.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Ben Finney]

Aymeric Augustin

writes:

> In order to fix the spam problem while maintaining an easy workflow,
> I'm proposing to require GitHub auth for all "write" operations:
> creating a ticket, adding a comment, etc. Most people interested in
> Trac should have a GitHub account already.

−1. I am happy to agree to Django's BTS terms of use, not GitHub's.
Please don't make the former depend on the latter.

-- 
 \  “Isn't it enough to see that a garden is beautiful without |
  `\  having to believe that there are fairies at the bottom of it |
_o__) too?” —Douglas Adams |
Ben Finney

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/85y4v19ljh.fsf%40benfinney.id.au.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Carl Meyer]

+1 from me.

I don't see a problem with supporting only GitHub OAuth in this case.
Django is hosted on GitHub, and any code contribution (which is
ultimately what Trac is all about) will happen via GitHub, so it seems
quite natural to me to support GitHub OAuth rather than any other
arbitrary OAuth provider. (Not that I'd be opposed if someone wanted to
add support for other providers, just that I don't think this initiative
should be held up on that basis.)

Carl

On 08/06/2014 03:30 PM, Tim Graham wrote:
> I proposed the idea a couple months ago and got several +1's. The main
> concern was from Shai, "not quite -1, but a strong -0 on "blessing" any
> single oAuth provider. GitHub is fine, but so are Google, StackExchange,
> and even the Evil Empires(TM)."
> 
> https://groups.google.com/d/msg/django-developers/g728g23VI2E/whaVBdxSAlYJ
> 
> On Wednesday, August 6, 2014 5:18:38 PM UTC-4, Aymeric Augustin wrote:
> 
> Hello,
> 
> If you’re subscribed to django-updates, you may have noticed that
> some spam is getting through since a few days. This is a negligible
> percentage of the amount of spam our defenses are fending off (about
> 4000 / day) but it’s annoying.
> 
> We're allowing anonymous bug reports because the process to create
> and activate a djangoproject.com  account
> is too cumbersome. You must go to www.djangoproject.com
> , register, get an email, and then go
> back to Trac and log in.
> 
> In order to fix the spam problem while maintaining an easy workflow,
> I’m proposing to require GitHub auth for all “write” operations:
> creating a ticket, adding a comment, etc. Most people interested in
> Trac should have a GitHub account already.
> 
> The main downside is that we’re switching to a different set of
> usernames. If a person doesn’t have the same username on Trac and on
> GitHub, comments made before and after the switch will appear under
> different names. However, we already have that problem when people
> forget to login and it isn’t that bad. We’ll also have to audit
> usernames of the fifty people who have admin permissions.
> 
> As another upside, people won’t have to remember their Trac username
> and password anymore.
> 
> What do you think?
> 
> -- 
> Aymeric.
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-developers+unsubscr...@googlegroups.com
> .
> To post to this group, send email to django-developers@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/39b51ddd-7eac-4087-bde4-d798c1728e2d%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/53E29F8F.8040209%40oddbird.net.
For more options, visit https://groups.google.com/d/optout.

Re: Requiring GitHub login for actions on Trac

[Tim Graham]

I proposed the idea a couple months ago and got several +1's. The main 
concern was from Shai, "not quite -1, but a strong -0 on "blessing" any 
single oAuth provider. GitHub is fine, but so are Google, StackExchange, 
and even the Evil Empires(TM)."

https://groups.google.com/d/msg/django-developers/g728g23VI2E/whaVBdxSAlYJ

On Wednesday, August 6, 2014 5:18:38 PM UTC-4, Aymeric Augustin wrote:
>
> Hello, 
>
> If you’re subscribed to django-updates, you may have noticed that some 
> spam is getting through since a few days. This is a negligible percentage 
> of the amount of spam our defenses are fending off (about 4000 / day) but 
> it’s annoying. 
>
> We're allowing anonymous bug reports because the process to create and 
> activate a djangoproject.com account is too cumbersome. You must go to 
> www.djangoproject.com, register, get an email, and then go back to Trac 
> and log in. 
>
> In order to fix the spam problem while maintaining an easy workflow, I’m 
> proposing to require GitHub auth for all “write” operations: creating a 
> ticket, adding a comment, etc. Most people interested in Trac should have a 
> GitHub account already. 
>
> The main downside is that we’re switching to a different set of usernames. 
> If a person doesn’t have the same username on Trac and on GitHub, comments 
> made before and after the switch will appear under different names. 
> However, we already have that problem when people forget to login and it 
> isn’t that bad. We’ll also have to audit usernames of the fifty people who 
> have admin permissions. 
>
> As another upside, people won’t have to remember their Trac username and 
> password anymore. 
>
> What do you think? 
>
> -- 
> Aymeric. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/39b51ddd-7eac-4087-bde4-d798c1728e2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.