I am CC'ing the board, since we have a disagreement here and the possible
consequences for the entire project.
For the board, we do discuss the successor of the existing identity
management system used for SUSE and openSUSE services. The system hosted
by MF-IT will be shut down next month and SUSE will move their data to a system
currently build up by eng-infra team. Indepdend of that Stasiek has
built up an alternative solution inside the openSUSE-heroes network.
On Mittwoch, 29. April 2020, 05:06:18 CEST wrote Stasiek Michalski:
On Tue, Apr 28, 2020 at 18:56, Stasiek Michalski <hellcp(a)opensuse.org>
> On Tue, Apr 28, 2020 at 07:48, Adrian Schröter <adrian(a)suse.de>
>> Sorry, but we won't use these for OBS and bugzilla at least. This
>> I do not really invest in syncing accounts also with our other
>> (including also our internal build service).
(I wrote some more reasons here, repeating below)
> Discussions on OBS's support of any other
technologies should happen
You can discuss here if something should be implemented, but this is
independ of the questions what we will use on our production instance.
this as soon
as we started with a realization that OBS will be the
problematic piece of software, since only it doesn't support what is
Here, as a sidenote, we could also use mod_auth_gssapi  with form
intercept , but I don't think we should treat that as a long term
solution, since that makes OBS ignore the SSO functionality entirely.
We do *NOT* speak about technical implementation details here atm.
The big topic are the legal, trust and policy changes here. You basically ask
for root access on every user installation which uses any repository
from OBS. And you ask for access to content SUSE gets only under hard NDA's.
Also legal would need to clarify if openSUSE would still be the same
legal entity for this data as before and if a duplication is acceptable
(because this is personal data which is under DSGVO regulations).
In short this most likely violates a number of contracts, certifications and law's.
The consequences of this are that we most likely need to revoke GPG keys,
setup another instance of OBS and bugzilla, move content over, inform
users public and individually and ask for permission to import their data
into your new system.
But these are just the problems on first glance, I am sure there is more.
Therefore I do not want to discuss this atm on short notice, but postone
it to a later point. Instead sticking to the solution from eng-infra
to avoid that we need to shutown OBS, bugzilla and possibly also
further openSUSE infrastructure in next weeks.
We can later on discuss it without the time pressure. And include also
the goals for the entire project and all stakeholders into this.
Furthermore it is my private opinion that we should not confuse openSUSE
users by the launch of two independ account systems at the same time.
Instead we should aim for the opposite, allowing the usage of external
accounts (like Google and friends) optionally to avoid the hurdle of
creating an account.
Daniel can give you some insight about their system and how it can
be used also inside of the heroes network.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org