From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 081063858D20; Fri, 17 May 2024 13:42:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 081063858D20 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 081063858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715953342; cv=none; b=QODRh5GMieslhMyDTzlw9YzC5eXInR7KaTl4+hWy65DqZulG5u4s1vyFxN/XKBFLW3+kYQsx4mJ4awzSvtMFc2sLzDC4DiT0UjbfjLP/DxyjvGMITuLEGbZswKsPetC2/1PurAPVmTSw2wY4bPcgc0npKxVJmI6/7Zm/jSfMKGs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715953342; c=relaxed/simple; bh=NN8NQTD64+X60tjqd3x9bpJ27cKhaLHwRbTGPyivySc=; h=Message-ID:Subject:From:To:Date:MIME-Version; b=fnYNi8PxN7JYNHeMeHa0O3TouP1uD6yMO1Qy2BVS/xhxDFnZKTiraQ/OdwVe/BDeAsTkdC3H2OuO1tWBQokO9AbN+H7Hq0721w//kNTgPWq1JVd6bt3Nh7FNZkgxaDNl52+SsLOCJQKTL9QKSIcNE5mq14CvqB0IBu12SNAywTE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from r6.localdomain (82-217-174-174.cable.dynamic.v4.ziggo.nl [82.217.174.174]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 1EE063000648; Fri, 17 May 2024 15:42:19 +0200 (CEST) Received: by r6.localdomain (Postfix, from userid 1000) id C9EA13402EC; Fri, 17 May 2024 15:42:18 +0200 (CEST) Message-ID: <3b0954f4791ad2eec08db59ac93353ebe75f2151.camel@klomp.org> Subject: Re: Updated Sourceware infrastructure plans From: Mark Wielaard To: Cristian =?ISO-8859-1?Q?Rodr=EDguez?= Cc: overseers@sourceware.org, libc-alpha@sourceware.org Date: Fri, 17 May 2024 15:42:18 +0200 In-Reply-To: References: <20240417232725.GC25080@gnu.wildebeest.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.1 (3.52.1-1.fc40) MIME-Version: 1.0 X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,RCVD_IN_BARRACUDACENTRAL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi Cristian, On Thu, 2024-05-16 at 11:58 -0400, Cristian Rodr=C3=ADguez wrote: > On Wed, Apr 17, 2024 at 7:28=E2=80=AFPM Mark Wielaard wr= ote: >=20 >=20 > > More feedback is always welcome. See the various contact options at > > https://sourceware.org/mission.html#organization >=20 > Sorry to revive this oldish thread but I didn't find any other thread > where my suggestions will be on-topic >=20 > Today I looked at patchwork briefly and found out I need to register > an account, bugzilla also needs an account, pretty much everything you > add will in one way or another register an account. > Do your plans include some sort of single sign on ? ideally one that > does not need to register new accounts. or at the very least if "login > with is not acceptable..a > sourceware-specific keycloak instance that replaces all ad-hoc login > methods? Good question. There is also the wiki, where you have to create an account yourself and then be granted access to the EditorGroup. And of course when we introduce a "pull request" service, being it through gerrit or some other method, we will want it to be easily accessible. Things used to be easy some years back. You only needed an account for pushing commits to a specific project repository. But you could just submit patches through email that others could commit for you. Accounts for bugzilla or the wiki could be created by hand and gave you immediate permission to submit issues or improvements. Sadly spammers ruined everything. For email patch submissions we seem to handle it mostly OK (thanks spamassassin). But for bugzilla and the wikis we had to hand approve everything. Otherwise spammers would mass create accounts and just produce so much spam comments the system just wasn't usable anymore. So for patchwork and the experimental gerrit server we are setting up now you can self-register and use the service directly. Spammers don't seem to have found a way abuse those systems yet. But patchwork has already accumulated 5000+ accounts... And they aren't linked. patchwork uses the django user framework, the current gerrit setup uses keycloak (but Sergio would like to switch to Authentik). Bugzilla uses its own user framework, as does MoinMoin. It would be great to have one account system to rule them all. But we will probably always have to have some procedure to register/enable accounts to keep spammers out. Hopefully if an account is approved for one system then we can trust the user to contribute through any of the others. Cheers, Mark