#142 No OpenID login is available | Federated login

Open
opened 3 weeks ago by diogo · 5 comments
diogo commented 3 weeks ago

Could you please consider enabling this function in CodeBerg? It would make the adoption of this platform easier.

It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches.

OpenID support can easily fix this and support is available in Gitea.

Kind regards,

Could you please consider enabling this function in CodeBerg? It would make the adoption of this platform easier. It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches. OpenID support can easily fix this and support is available in Gitea. Kind regards,
diogo changed title from No OpenID login is available to No OpenID login is available | Federated login 3 weeks ago
Ghost commented 3 weeks ago

It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches.

Just use disposable email address and fake name.

> It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches. Just use disposable email address and fake name.
diogo commented 3 weeks ago
Poster

Ghost, that's not what I meant. These contributors aren't trying to stay anonymous, they just don't want to have to create one more account in yet another git host. This really is a request to add OpenID functionality in this website...

Ghost, that's not what I meant. These contributors aren't trying to stay anonymous, they just don't want to have to create one more account in yet another git host. This really is a request to add OpenID functionality in this website...
hw commented 3 weeks ago
Owner

they just don't want to have to create one more account in yet another git host

that's exactly the point of alternative git hosting, that users like it and come there ;)

If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform.

Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).

> they just don't want to have to create one more account in yet another git host that's exactly the point of alternative git hosting, that users like it and come there ;) If there is nothing wrong with "the other (previous) git host", there would be no need for this platform. Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).
diogo commented 3 weeks ago
Poster

If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform.

But, @hw, users might enjoy gitlab and want to contribute on a project hosted in codeberg - it doesn't mean they think there's something wrong with GitLab. In the described scenario, they just would like to reduce the number of accounts they have to maintain around in order to contribute to the various different projects they support.

Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).

The protocol had it struggles, as many did. It's fairly safe these days as long as it is properly implemented and, as you've noted, “a direct login is established after the initial handshake”.

Anyway, if you feel something like OpenID goes against CodeBerg's ideals, I'm okay about it.

To give some context, I'm hosting GNU social at https://notabug.org/diogo/gnu-social after we had some issues with the canonical repository. Unfortunately, NotABug doesn't promote much technical support and lately has revealed a couple of instabilities, limitations and - ironically - bugs.

I was, therefore, studying the possibility of moving the current repository to another git host that aligns well with GNU social's community ideals.

> If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform. But, @hw, users might enjoy gitlab and want to contribute on a project hosted in codeberg - it doesn't mean they think there's something wrong with GitLab. In the described scenario, they just would like to reduce the number of accounts they have to maintain around in order to contribute to the various different projects they support. > Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article). The protocol had it struggles, as many did. It's fairly safe these days as long as it is properly implemented and, as you've noted, "a direct login is established after the initial handshake". Anyway, if you feel something like OpenID goes against CodeBerg's ideals, I'm okay about it. To give some context, I'm hosting GNU social at https://notabug.org/diogo/gnu-social after we had some issues with the canonical repository. Unfortunately, NotABug doesn't promote much technical support and lately has revealed a couple of instabilities, limitations and - ironically - bugs. I was, therefore, studying the possibility of moving the current repository to another git host that aligns well with GNU social's community ideals.
hw commented 3 weeks ago
Owner

I'm hosting GNU social

sounds like a perfect fit to Codeberg.org's aims! Welcome!

btw, maybe you want to have a chat with @ashimokawa : as it turned out, initial worries that users might hesitate to follow with issues, PRs and contributions turned out to be unjustified ;)

> I'm hosting GNU social sounds like a perfect fit to Codeberg.org's aims! Welcome! btw, maybe you want to have a chat with @ashimokawa : as it turned out, initial worries that users might hesitate to follow with issues, PRs and contributions turned out to be unjustified ;)
Sign in to join this conversation.
No Milestone
No Assignees
3 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.