Requesting feedback on authentication at trac-hacks.org

[RjOllos]

After having some success deploying GitHub authentication on another public Trac site that will soon go live, I got to thinking about doing the same for trac-hacks.org. The trac-github (1) plugin seems pretty stable, and the maintainer is doing a good job in quickly fixing issues. I have the impression that it will be dependable in the long term.

We are currently using basic authentication on trac-hacks.org and password reset is not working correctly (2).

Before proceeding I'd like to ask for feedback. Would anyone dislike the change from basic authentication with passwords stored on trac-hacks.org to authentication provided by GitHub? Would anyone consider this to be an improvement?

If you are favor the change I'd appreciate a quick reply to upvote. If you are against the change please give a brief explanation of your objections.

Eventually we might be able to support multiple authentication methods, but I'm not sure that can be done at this time.

Thanks,

- Ryan

(1) https://github.com/trac-hacks/trac-github

(2) https://trac-hacks.org/ticket/11869#comment:11

[Olemis Lang]

On 8/6/15, RjOllos <rjo...@gmail.com> wrote:
>
[...]

>
> authentication provided by GitHub? Would anyone consider this to be an
> improvement?
>

Improvement ? IMO not particularly .

> If you are favor the change I'd appreciate a quick reply to upvote. If you
> are against the change please give a brief explanation of your objections.
>

+0 for now ... questions :

- What is the plan regarding repository access ?
To get rid of svn and migrate all repos onto github ?
- What about RPC auth @trac-hacks.org ?

[...]

--
Regards,

Olemis - @olemislc

Apache™ Bloodhound contributor
http://issues.apache.org/bloodhound
http://blood-hound.net

Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/

Featured article:

[RjOllos]

On Thursday, August 6, 2015 at 5:44:38 PM UTC-7, olemis wrote:

On 8/6/15, RjOllos <rjo...@gmail.com> wrote:
>
[...]
>
> authentication provided by GitHub? Would anyone consider this to be an
> improvement?
>

Improvement ? IMO not particularly .

> If you are favor the change I'd appreciate a quick reply to upvote. If you
> are against the change please give a brief explanation of your objections.
>

+0 for now ... questions :

  - What is the plan regarding repository access ?
    To get rid of svn and migrate all repos onto github ?

No, I didn't suggest anything of the sort. This is just about authentication.

 

  - What about RPC auth @trac-hacks.org ?

 

Unsure. I don't know that anyone uses authenticated RPC.

Your last login was 17 months ago, so I can't imagine you'd even notice if we removed basic authentication.

[RjOllos]

On Thursday, August 6, 2015 at 6:07:58 PM UTC-7, RjOllos wrote:

  - What is the plan regarding repository access ?
    To get rid of svn and migrate all repos onto github ?

No, I didn't suggest anything of the sort. This is just about authentication.

I see now the major flaw in the proposed change. There's probably no way to authenticate Subversion repository access through GitHub.

I didn't think about that since the other site on which trac-github is deployed doesn't host repositories.

[Olemis Lang]

On 8/6/15, RjOllos <rjo...@gmail.com> wrote:
> On Thursday, August 6, 2015 at 5:44:38 PM UTC-7, olemis wrote:

[...]

>>
>> - What is the plan regarding repository access ?
>> To get rid of svn and migrate all repos onto github ?
>>
>
> No, I didn't suggest anything of the sort. This is just about
> authentication.
>

My point is , if you are still going to have HTTP auth for the
repository then you'd be maintaining both auth schemes to make'em work
together . Therefore users will still have to register and setup a
password and so on . In the end this is all up to you . Adding github
logins might be helpful for devs who use Github frequently . I rarely
use it though . Indeed I interact with t.h.o in anonymous mode most of
the time .

>
>> - What about RPC auth @trac-hacks.org ?
>>
>
> Unsure. I don't know that anyone uses authenticated RPC.
>

... well , for instance , at a given point in time I'd like a CI
server to modify tickets when tests are reported as failures .

> Your last login was 17 months ago, so I can't imagine you'd even notice if
> we removed basic authentication.
>

Really ? Thanks for taking the time to do this research . That's
interesting because I never do so . I always interact with t.h.o as
anonymous user , so I was estimating this to be few years ago , to be
honest .

[Olemis Lang]

On 8/6/15, RjOllos <rjo...@gmail.com> wrote:

[...]

Exactly . That's why I asked whether you were thinking of moving
version control on to github . If that was the case then Github auth
might make more sense ; otherwise it might be an extra effort .

[RjOllos]

On Friday, August 7, 2015 at 8:01:53 AM UTC-7, olemis wrote:

On 8/6/15, RjOllos <rjo...@gmail.com> wrote:
> On Thursday, August 6, 2015 at 6:07:58 PM UTC-7, RjOllos wrote:
>>
>>   - What is the plan regarding repository access ?
>>>     To get rid of svn and migrate all repos onto github ?
>>>
>>
>> No, I didn't suggest anything of the sort. This is just about
>> authentication.
>>
>
> I see now the major flaw in the proposed change. There's probably no way to
>
> authenticate Subversion repository access through GitHub.
>
> I didn't think about that since the other site on which trac-github is
> deployed doesn't host repositories.
>
[...]

Exactly . That's why I asked whether you were thinking of moving
version control on to github . If that was the case then Github auth
might make more sense ; otherwise it might be an extra effort .

The trac-github plugin would need some modification in order to allow GitHub oauth authentication in parallel with HTTP basic authentication.

I'd like to eventually add that, as well as other oauth providers such as BitBucket, but that will likely be a bit further down the line.

For now, I've added the item to:

https://trac-hacks.org/wiki/SiteUpgradeProposal?action=diff&version=63

- Ryan