[Mailman-Developers] HyperKitty login

Thu May 31 17:20:15 CEST 2012

On Thu, May 31, 2012 at 05:00:48PM +0900, Stephen J. Turnbull wrote:
> Richard Wackerbarth writes:
>  > Stephen,
>  > 
>  > "social_auth" is a django "app" (Think library) that handles
>  > OpenID, BrowserID, Google, Twitter, etc. authentication.
> 
> Yeah, I think all the mentors and most of the other subscribers here
> can figure that out.  The questions are "which one?" (just an URL will
> do) and "why this one?" (ie, what are the design requirements and how
> does this app compare to the alternatives in meeting them?)
> 
> Requirements and design are important, and the GSoC developers (==
> students) should be doing this work and reporting on it IMO.
> 
>  > It is with the DRY principal in mind that I think we should "wrap"
>  > it to make a common login manager app that will be used by both HK
>  > and postorius.
> 
> Again, I think we all agree on that.  My question is, that implies a
> set of requirements sufficient for both HyperKitty and Postorius.  Why
> do we believe that such a set of requirements is known, and satisfied
> by the design?  And how about Alex's NNTP access?  If access to the
> archives is to be authenticated, then we would want the NNTP access to
> be authenticated, and consistent with HyperKitty.  Can a Django
> authentication system do that?  Can social_auth?
> 
> Aamir is explicitly working on HyperKitty.  While it makes a whole lot
> of sense for him to generalize the authorization module to Postorius
> (and one would hope beyond), this does require communication with the
> people doing Postorius.  If he's talked to them and believes there's
> agreement on requirements, all I want to see is "I've talked to
> Florian on IRC about Postorius requirements for authorization, and we
> agree that they have the same requirements (see my blog)."  Of course
> he's welcome to post as much detail as he likes!
> 
> By the way, I think we should let the developers speak for themselves.
> I don't have any objection to developers getting a lot of help from
> mentors, but they should be able to present and to some extent defend
> their own work.  If there's a language issue -- AFAIK none of our
> students are native English speakers -- they should feel free to say
> so, too, and we'll work that out.
>
I think that the mailing list is one of the public places where GSoC
students should be soliciting feedback and discussion.  So they should be
posting half-baked ideas here to get them more fully developed with the help
of other contributors.  Florian wasn't available on IRC yesterday when Aamir
and wacky discussed how to design the authentication so that both postorius
and hyperkitty could use it so I asked Aamir to get in touch with him via
email "and the list" because I wanted to know what Florian thought of this
architecture and it seemed to me that others would as well.  No sense having
that conversation via private email and then reporting to the list (and
getting more feedback from others then) if the discussion could happen on
the mailing list in the first place.

That said, there probably is a little bit of a language (or perhaps open
source cultural) issue going on as well.  Aamir, it'd be great if you could
post some more information about this app, how it works, and how it
integrates with the stuff that postorius uses already.  And it would also be
great if you made sure to mention that you were looking for Florian's input
specifically :-)

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20120531/ae5d26b8/attachment.pgp>