On Mon, Oct 17, 2022 at 5:29 PM Sam Hartman <hartm...@debian.org> wrote: > > I think the minimal solution here, which I'm not volunteering to do, is > for tracker.debian.org to gain salsa sso support instead of client cert > support.
Can point out the tracker.d.o code? Maybe I'll take a look, I find this topic interesting (but I can't promising anything - short on time and never done stuff like this before). On Tue, Oct 18, 2022 at 4:53 AM Paul Wise <p...@debian.org> wrote: > > On Mon, 2022-10-17 at 21:28 +0200, Joerg Jaspert wrote: > > > Salsa should be there for git (related) things. > > NOT as an identity/login provider for Debian > > There are already Debian services that do not offer any other option > for auth than Salsa. > > Personally I do not like GitLab, Salsa nor OIDC/Oauth2, vastly prefer > TLS client certs and thus usually never use Salsa authed services. > > Arguably it is probably a good thing to use Salsa, since it means > services can have an auth option for all of the Debian contributors, > including those who are not currently DDs or DMs. I think this more an argument against Salsa than one for it - just having a Salsa account does not really put you into any "box" except whether you are part of the Debian group or not. Having a "proper" SSO that connects to db.d.o and has proper groups such as DD, non-uploading DD, DM, etc is not a bad idea. Again, not saying that it is worth the effort. On Mon, Oct 17, 2022 at 2:04 PM Yadd <y...@debian.org> wrote: > > Also lemonldap-ng, already packaged Cool, didn't know that one, thanks for pointing out. Do you by any chance know whether it supports client certs or not? Since it seems there are ppl prefering client certs, it would be nice to have an option that supports both.
