FAS password on 3rd party pages?

[Vít Ondruch]

Hi guys,

Since you want to push Fedocal and Blocker tracking into production, 
would you mind to change you login forms, that I don't have to enter my 
FAS password into your application dialog boxes? Although I understand 
that they are Fedora's application, hosted on Fedora's infrastructure, 
etc. , I don't feel comfortable to enter my FAS password into various 
applications, which I consider 3rd party from this perspective.


Thank you.

Vít
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Pierre-Yves Chibon]

On Thu, 2013-04-25 at 10:07 +0200, Vít Ondruch wrote:
> Hi guys,
> 
> Since you want to push Fedocal and Blocker tracking into production, 
> would you mind to change you login forms, that I don't have to enter my 
> FAS password into your application dialog boxes? Although I understand 
> that they are Fedora's application, hosted on Fedora's infrastructure, 
> etc. , I don't feel comfortable to enter my FAS password into various 
> applications, which I consider 3rd party from this perspective.

Do you consider the wiki, pkgdb, bodhi as 3rd party apps?

Pierre
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Vít Ondruch]

Dne 25.4.2013 10:09, Pierre-Yves Chibon napsal(a):

On Thu, 2013-04-25 at 10:07 +0200, Vít Ondruch wrote:

Hi guys,

Since you want to push Fedocal and Blocker tracking into production,
would you mind to change you login forms, that I don't have to enter my
FAS password into your application dialog boxes? Although I understand
that they are Fedora's application, hosted on Fedora's infrastructure,
etc. , I don't feel comfortable to enter my FAS password into various
applications, which I consider 3rd party from this perspective.

Do you consider the wiki, pkgdb, bodhi as 3rd party apps?

Pierre


Well, you are right, they should be adjusted as well. Copr is doing it 
better.



Vít
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Pierre-Yves Chibon]

On Thu, 2013-04-25 at 10:31 +0200, Vít Ondruch wrote:
> Dne 25.4.2013 10:09, Pierre-Yves Chibon napsal(a):
> > On Thu, 2013-04-25 at 10:07 +0200, Vít Ondruch wrote:
> >> Hi guys,
> >>
> >> Since you want to push Fedocal and Blocker tracking into production,
> >> would you mind to change you login forms, that I don't have to enter my
> >> FAS password into your application dialog boxes? Although I understand
> >> that they are Fedora's application, hosted on Fedora's infrastructure,
> >> etc. , I don't feel comfortable to enter my FAS password into various
> >> applications, which I consider 3rd party from this perspective.
> > Do you consider the wiki, pkgdb, bodhi as 3rd party apps?

> Well, you are right, they should be adjusted as well. Copr is doing it 
> better.

So you are in fact speaking about porting our apps to use OpenID, which
is indeed something we are working on.
But, don't you consider OpenID as a 3rd party application as well ? :)

Pierre
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Vít Ondruch]

Dne 25.4.2013 10:57, Pierre-Yves Chibon napsal(a):

On Thu, 2013-04-25 at 10:31 +0200, Vít Ondruch wrote:

Dne 25.4.2013 10:09, Pierre-Yves Chibon napsal(a):

On Thu, 2013-04-25 at 10:07 +0200, Vít Ondruch wrote:

Hi guys,

Since you want to push Fedocal and Blocker tracking into production,
would you mind to change you login forms, that I don't have to enter my
FAS password into your application dialog boxes? Although I understand
that they are Fedora's application, hosted on Fedora's infrastructure,
etc. , I don't feel comfortable to enter my FAS password into various
applications, which I consider 3rd party from this perspective.

Do you consider the wiki, pkgdb, bodhi as 3rd party apps?

Well, you are right, they should be adjusted as well. Copr is doing it
better.

So you are in fact speaking about porting our apps to use OpenID, which
is indeed something we are working on.


Thats good, thanks.


But, don't you consider OpenID as a 3rd party application as well ? :)


It is at least one single place to trust.

Vít
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Tim Flink]

On Thu, 25 Apr 2013 10:07:25 +0200
Vít Ondruch  wrote:

> Hi guys,
> 
> Since you want to push Fedocal and Blocker tracking into production, 
> would you mind to change you login forms, that I don't have to enter
> my FAS password into your application dialog boxes? Although I
> understand that they are Fedora's application, hosted on Fedora's
> infrastructure, etc. , I don't feel comfortable to enter my FAS
> password into various applications, which I consider 3rd party from
> this perspective.

Similar to fedocal, we're planning to migrate blockerbugs over to openid
before F20 but that's a non-trivial change and I imagine that you'd
still be concerned about our use of bugzilla passwords even if we were
using openid.

On the bright side, the only thing that the blockerbugs app uses the
password for is to propose blocker/fe bugs and that can still be done
manually in bugzilla.

Out of curiosity, what do you consider to be FAS password-using apps
which are not 3rd party?

Tim


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[seth vidal]

On Thu, 25 Apr 2013 10:57:54 +0200
Pierre-Yves Chibon  wrote:

> On Thu, 2013-04-25 at 10:31 +0200, Vít Ondruch wrote:
> > Dne 25.4.2013 10:09, Pierre-Yves Chibon napsal(a):
> > > On Thu, 2013-04-25 at 10:07 +0200, Vít Ondruch wrote:
> > >> Hi guys,
> > >>
> > >> Since you want to push Fedocal and Blocker tracking into
> > >> production, would you mind to change you login forms, that I
> > >> don't have to enter my FAS password into your application dialog
> > >> boxes? Although I understand that they are Fedora's application,
> > >> hosted on Fedora's infrastructure, etc. , I don't feel
> > >> comfortable to enter my FAS password into various applications,
> > >> which I consider 3rd party from this perspective.
> > > Do you consider the wiki, pkgdb, bodhi as 3rd party apps?
> 
> > Well, you are right, they should be adjusted as well. Copr is doing
> > it better.
> 
> So you are in fact speaking about porting our apps to use OpenID,
> which is indeed something we are working on.
> But, don't you consider OpenID as a 3rd party application as well ? :)
> 

Well I think the idea is simple enough - if there is one, branded and
obvious login page - and that page is openid then we're not training
our users to type their passwords into random websites.

-sv
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Kevin Fenzi]

On Thu, 25 Apr 2013 09:11:00 -0400
seth vidal  wrote:

> Well I think the idea is simple enough - if there is one, branded and
> obvious login page - and that page is openid then we're not training
> our users to type their passwords into random websites.

Right. I think this is definitely where we are headed, but we aren't
there yet. ;( 

So, yes, I think we need to add support to fedocal and blockerbugs for
openid, but not sure it's a blocker for them moving to production now. 

Moving forward, we might consider making it a blocker, especially once
we have other things moved over to openid already, but I don't want to
change the goal posts for existing apps in the middle of the process. 

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Hello World

[kevin]

On Mon, 22 Apr 2013 23:40:13 -0500
Robert Beatty  wrote:

> My name is Robert Beatty, Im currently an ambassador and free media
> program member. I am interested if anyone wants to sponsor me in
> joining infrastructure. I have a background in computer hardware and
> software, TCP/IP etc. Please let me know if anyone can help me out.
> 
> Robert
> PGP:28E0F6C6

Welcome!

If you haven't already, please take a look at: 
http://fedoraproject.org/wiki/Infrastructure/GettingStarted

it has a lot of great information in it. 

Please do introduce yourself on irc.freenode.net in #fedora-admin and/or at our 
next Fedora Infrastructure meeting (thursday's at 19:00UTC). 

Let us know if you are more interested in sysadmin type tasks (and we can see 
about adding you to our apprentice program: 
http://fedoraproject.org/wiki/Infrastructure_Apprentice ) or application 
maintaining/developing. 

If you aren't sure if infrastructure is the right place you want to contribute, 
do see: 
http://join.fedoraproject.org/ for a more detailed list of all the other teams 
in Fedora and how to communicate with them. 

Welcome again. Look forward to talking with you. 

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Meeting Agenda Item: Introduction Ed Holmes

[Kevin Fenzi]

On Wed, 24 Apr 2013 21:58:44 +0100
Ed Holmes  wrote:

> Hello. I'm kinda new to this all but My name's Ed Holmes.
> 
> IRC: holmed
> 
> Skills: I can code in C/C++ and Python
> 
> Learn: I'd like to learn in depth how linux works.
> 
> To Work on: I'd like to work on how well Fedora works on Macs.
> Especially newer MacBooks. For example, when it is installed with
> rEFIt (a mac boot loader), it shows up various options (some bios,
> some EFI) but only one of the options work.

That sounds like you might like to help out getting grub2 working
better on those devices? Several ways to do that: 

- You can look at open grub2 bugs and try and provide patches or fixes: 
https://apps.fedoraproject.org/packages/grub2/bugs/all

- You can work with grub2 upstream project and help them improve
  support. 

- You could join the QA folks and help test things. 
https://fedoraproject.org/wiki/QA/Join

> Okay well i guess thats it. Also, since I've not had much experience
> of the actual workings of Linux, what language is primarily used? Or
> used the most?

Depends on what area you mean... :) 

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Idea for a webapp: "Fedora Oculum"

[Kevin Fenzi]

On Mon, 22 Apr 2013 11:38:00 -0400
Ralph Bean  wrote:

> I started a new webapp over the weekend and Seth helped me get it set
> up on a cloud node this morning at http://209.132.184.189/
> 
> The idea is that you'll be able to click through the user's avatars to
> their profile page at, for instance, http://209.132.184.189/pingou.
> 
> The charts from their page are embeddable, so we can use it like
> gravatar.com.  Pierre could embed
> http://209.132.184.189/pingou/radar/?style=dark_solarized on his wiki
> page or personal site.

Neat!

I like it. 

Would this be it's own seperate app? Or would it make sense to have it
part of something like datagrepper? (since it's just collecting data
there right?)

...snip...

> I think its neat but I'm looking for feedback.  Is this an idea I
> should pursue?  Is it something we want?

I like it. ;) I think it could be handy... 

> The source is at http://github.com/ralphbean/oculum for now.

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: FAS password on 3rd party pages?

[Bruno Wolff III]

On Thu, Apr 25, 2013 at 12:31:54 -0600,
  Kevin Fenzi  wrote:

On Thu, 25 Apr 2013 09:11:00 -0400
seth vidal  wrote:


Well I think the idea is simple enough - if there is one, branded and
obvious login page - and that page is openid then we're not training
our users to type their passwords into random websites.


Right. I think this is definitely where we are headed, but we aren't
there yet. ;(


SAML is another way to handle logins to web based services without the 
services getting access to the credentials.

___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Summary/Minutes from today's Fedora Infrastructure meeting (2013-04-25)

[Kevin Fenzi]

#fedora-meeting: Infrastructure (2013-04-25)



Meeting started by nirik at 19:00:00 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2013-04-25/infrastructure.2013-04-25-19.00.log.html
.



Meeting summary
---
* welcome y'all  (nirik, 19:00:01)

* New folks introductions and Apprentice tasks.  (nirik, 19:01:31)

* Applications status / discussion  (nirik, 19:02:39)
  * fedocal and blockerbugs apps are heading to production  (nirik,
19:02:57)
  * pkgdb release to prod today already. ;)  (nirik, 19:03:13)
  * new fedoratagger in production  (threebean, 19:03:22)
  * ask02 created and in service now.  (nirik, 19:05:55)
  * LINK: https://bugzilla.redhat.com/show_bug.cgi?id=955781
(threebean, 19:06:31)

* Sysadmin status / discussion  (nirik, 19:13:18)
  * added

hosted03/hosted04/collab03/collab04/fedocal01/fedocal02/blockerbugs01/blockerbugs02/ask02
in the last few days.  (nirik, 19:13:58)
  * outage for hosted move tomorrow.  (nirik, 19:14:39)
  * bugzilla will be updated soon to 4.4  (nirik, 19:17:30)
  * will send email about backups and revamping them to the list soon.
(nirik, 19:22:25)
  * LINK:

https://www.redhat.com/archives/bugzilla-announce-list/2013-April/msg2.html
(pingou, 19:26:08)
  * bugzilla upgrade scheduled for evening of the 27th  (nirik,
19:26:17)

* Private Cloud status update / discussion  (nirik, 19:27:08)
  * ready to install on fed-cloud01/03 for a test cloudlet  (nirik,
19:28:13)
  * will look at using RDO to install test cloudlet  (nirik, 19:30:11)
  * will look at adding cinder volumes from each of the compute nodes to
increase available volume space.  (nirik, 19:32:40)
  * skvidal working on f19a image for cloud  (nirik, 19:33:27)

* Upcoming Tasks/Items  (nirik, 19:35:10)
  * 2013-04-26 - 19UTC hosted migration/switch hosted to openid  (nirik,
19:35:34)
  * 2013-04-27 - bugzilla 4.4 upgrade? (tenative)  (nirik, 19:35:34)
  * 2013-04-30 - 21UTC lists.fedoraproject.org migration.  (nirik,
19:35:34)
  * 2013-05-01 nag fi-apprentices  (nirik, 19:35:34)
  * 2013-05-08 drop inactive apprentices  (nirik, 19:35:34)
  * 2013-05-14 to 2013-05-28 BETA infrastructure freeze  (nirik,
19:35:34)
  * 2013-05-28 F19 beta release  (nirik, 19:35:34)
  * new bladecenter should arrive sometime in the next few weeks
hopefully.  (nirik, 19:39:43)
  * new netapp space should arrive sometime in the next few weeks or so
(nirik, 19:39:56)

* Open Floor  (nirik, 19:42:11)
  * LINK: https://fedoraproject.org/wiki/Infrastructure_FedoraBugzilla
<- do we want to bring that up on list(s) and start getting more
input?  (nirik, 19:43:06)

Meeting ended at 19:57:58 UTC.




Action Items






Action Items, by person
---
* **UNASSIGNED**
  * (none)




People Present (lines said)
---
* nirik (142)
* skvidal (64)
* abadger1999 (26)
* pingou (24)
* tflink (24)
* cyberworm54 (6)
* threebean (6)
* kushalkhandelwal (6)
* zodbot (4)
* jerzyr (2)
* Smoother1rOgZ (1)
* ausmarton (1)
* lmacken (1)
* smooge (1)
* rdieter (1)
* relrod (1)
* ricky (0)
* mdomsch (0)
* dgilmore (0)
* CodeBlock (0)
--
19:00:00  #startmeeting Infrastructure (2013-04-25)
19:00:00  Meeting started Thu Apr 25 19:00:00 2013 UTC.  The chair is 
nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:00  Useful Commands: #action #agreed #halp #info #idea #link 
#topic.
19:00:01  #meetingname infrastructure
19:00:01  #topic welcome y'all
19:00:01  #chair smooge skvidal CodeBlock ricky nirik abadger1999 
lmacken dgilmore mdomsch threebean
19:00:01  The meeting name has been set to 'infrastructure'
19:00:01  Current chairs: CodeBlock abadger1999 dgilmore lmacken 
mdomsch nirik ricky skvidal smooge threebean
19:00:08 * relrod here
19:00:18 * lmacken 
19:00:19 * ausmarton is here
19:00:29 * pingou here
19:00:30  is here - rl9x4 ;)
19:00:33 * threebean is here
19:00:47 * abadger1999 here
19:00:49 * tflink is here
19:01:25  cool. lets go ahead and start in...
19:01:31  #topic New folks introductions and Apprentice tasks.
19:01:37 * cyberworm54 is here
19:01:39  any new folks? or apprentices with questions or comments?
19:02:08  ..
19:02:19  do note everyone should feel free to chime in with questions 
or comments as we go. ;)
19:02:39  #topic Applications status / discussion
19:02:46  so, new application news?
19:02:57  #info fedocal and blockerbugs apps are heading to production
19:03:13  #info pkgdb release to prod today already. ;)
19:03:22  #info new fedoratagger in production
19:03:33  something to test and provide feedback on: 
http://209.132.184.188/
19:03:44  (lazy Sunday work)
19:04:04  cool. nice looking there pingou!
19:04:31  nirik: I will not hide where the inspiration from the theme 
comes from ;)
19:04:39  s/from/for/
19:05:02 * skvidal is here
19:05:03  threebean:

Re: FAS password on 3rd party pages?

[Chris Dix]

SAML is indeed one method of passing a secure token to another app/service.
Implementing SSO would probably be a great move forward to consolidate your
source of truth for Fedora users in one location.

Whatever mechanism you choose to use to implement SSO, you need to consider
the ease to integrate it with our existing applications. This will likely
be a code change for many applications.

C
On Apr 25, 2013 4:07 AM, "Vít Ondruch"  wrote:

> Hi guys,
>
> Since you want to push Fedocal and Blocker tracking into production, would
> you mind to change you login forms, that I don't have to enter my FAS
> password into your application dialog boxes? Although I understand that
> they are Fedora's application, hosted on Fedora's infrastructure, etc. , I
> don't feel comfortable to enter my FAS password into various applications,
> which I consider 3rd party from this perspective.
>
> Thank you.
>
> Vít
> __**_
> infrastructure mailing list
> infrastructure@lists.**fedoraproject.org
> https://admin.fedoraproject.**org/mailman/listinfo/**infrastructure
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Ask Fedora status update

[Rahul Sundaram]

Hi

(cc'ing Ankur since he has expressed interest in helping with the admin 
tasks)


*  Form for local login is still shown in the login page even though 
this is disabled.  This continues to cause confusion among new users and 
the fix is upstream


https://fedorahosted.org/fedora-infrastructure/ticket/3761

We need to pull this in as a hotfix and test it.

* FAS openid doesn't seem to be working for some people.  I am unsure of 
the current status


*  Cron job for sending reminders to accept an answer

https://fedorahosted.org/fedora-infrastructure/ticket/3762

We have enabled this feature but it is essentially non-functional 
without the cron job running


*  Enabling Ask Fedora to send emails async

https://fedorahosted.org/fedora-infrastructure/ticket/3763

Celery was an option but there seems to be some amount of concern with 
the additional complexity.  Upstream is of the opinion that celery isn't 
that much of an overhead


http://askbot.org/en/question/10531/simpler-alternative-to-celery/

I looked out for options and the one that is actively maintained is 
django post office


https://pypi.python.org/pypi/django-post_office

It isn't packaged yet but requires no code changes and very simple 
configuration.  If someone has the time, please test this in staging.  I 
will do the packaging once it is confirmed that it serves our purpose.


Older pending tasks
---

* Fedora theme

Related:

* Making optional fields in FAS more obvious

https://lists.fedoraproject.org/pipermail/infrastructure/2013-March/012651.html

Rahul



___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Ask Fedora status update

[Ralph Bean]

On Thu, Apr 25, 2013 at 05:50:36PM -0400, Rahul Sundaram wrote:
> Hi
> 
> (cc'ing Ankur since he has expressed interest in helping with the admin
> tasks)

This is a good task list to keep track of.  Thanks for compiling it,
Rahul.

Ankur, I'd be glad to help brainstorm about how to fix each of these.
Feel free to email me directly or get in touch on IRC if you'd like to
start working through them.


pgp7xZyTe9zV7.pgp
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Ask Fedora status update

[Patrick Uiterwijk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello,

I have been working on this last week.
The current status according me is:

On Thu, Apr 25, 2013 at 05:50:36PM -0400, Rahul Sundaram wrote:
> *  Form for local login is still shown in the login page even though
> this is disabled.  This continues to cause confusion among new users
> and the fix is upstream
This does not show anymore.
> * FAS openid doesn't seem to be working for some people.  I am
> unsure of the current status
This is a bug in FAS-OpenID (actually in HAProxy triggered by client code, but 
it's on the FAS-OpenID side), which I am currently working on.

Patrick
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBCgAGBQJReiJLAAoJEIZXmA2atR5Q2X4P/11im8MNzu9HjxlCIF24Q0N6
HqzZoyjczSB0KwaJKP2D6wegIEUP2Ly+SDx+VpDN/BMrDWKM3EXBaU98x6+19gUA
7FvEWUQni9ql29hrRAwioCgJF+04d9xcLW1HBGqXP9f/WjXvZh6TgT6/E0jiQzjg
urMXSYp5xR2e3idOP4KD0P3JPWoquYZUfwDj0le0CnOKsEGB/XUrDDpw6swXWZ9q
Z4Iu0CxE6b+vbDwT/PLCtOrLuabisxLCE+qtZq24nL0Qr8CfMpaeAaiiL4zMk26l
neYhHEbKhdnzAzldui62jY0PrAhzypdLDXYuacHNfD7OQdH92WRhBB8VQC1Zt0Zm
y/dZA7Nv0DlQ0vi0dgMB+LyKEwjfClJf9np/yXldzR9fDB3b/GcbTEplEuqLmVyE
br6FxzgkBpP6sAfXX31Yq4ztv82ng6ZxRgWPe/QI9ILa0Jciyu6vJMv/wwG7ov1K
c05QzewMgjhZBZhYRU7ql//+WXd2WgW75dASVHYvkF6BNh9LoT27EMKnXr9SigmG
3H0ufVaCVYyfwLQWDCKvEateO63ir/JRqPMc5dWHbZwOrZp0k2Cvy5CWhbM/FzFr
e4jvj/iUo1irNS+S5V1IOHdWbi77YdFs+FweFqXWvSFm70pRM3DNt3DiTL8zordD
JGc+ruxajyREcVZDU18D
=18JL
-END PGP SIGNATURE-
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure