[ANN] Please use Gerrit from now on for Patch Review

Lionel Elie Mamane lionel at mamane.lu
Wed Jun 20 22:09:15 PDT 2012 

On Wed, Jun 20, 2012 at 10:46:24PM +0200, Bjoern Michaelsen wrote:

> On Wed, Jun 20, 2012 at 09:47:48PM +0200, Lionel Elie Mamane wrote:

>> However, our current setup *requires* an OpenID; is it an option to
>> make that optional (and allow people to e.g. use a "classic"
>> username+password for the web interface)?

> no.

Ah. Too bad.

>> People like that (yes, I'm one of them) will balk at the
>> requirement of giving a third party (and anybody able to twist
>> their arm... like the surveillance agencies of governments)
>> unlimited power to impersonate them (to websites that use
>> OpenID). So they'll want to run their own OpenID end points;

> But having a third party that is as trustworthy as TDF shouldnt be
> too hard as there are already lots and lots of OpenID providers.

Using a TDF OpenID provider to login at gerrit.libreoffice.org would
be OK since I'm authenticating with the TDF... So the TDF being able
to "impersonate me" on its own system... err... its sysadmins can do
that whatever I do. Freedesktop too, since our repos are at
freedesktop, so the freedesktop admins can meddle with our repos, and
we decided this is OK.

But frankly, why should Google, AOL, Wordpress or another person be
able to impersonate me at the TDF systems?

> And if you are paranoid you would use your OpenID account just for
> one purpose -- that will give you enough plausible deniability.

OK, say I open a Google account for each website that wants an OpenID
login for me. How does that improve the situation with regards of
Google being able to impersonate me at these websites?

>> My point is basically that it is too much of an investment for a
>> casual contributor... If we could make that easier by allowing plain
>> username+password (or exporting bugzilla accounts over OpenID? I guess
>> that would be *more* work), I feel it would lower the barrier to entry
>> to gerrit.

> I think you are part of a very, very rare demographic there (no
> wordpress, no google, no launchpad, no yahoo, no blogger, no
> myspace, no flickr)

It is not about *having* an account there, it is about deciding one of
these people should be able to use my TDF account. Else I'd have just
opened an account at one of these websites.

-- 
Lionel

More information about the LibreOffice mailing list