On 2011-04-20 20:08:09 (+0200), Michael Schroeder
On Wed, Apr 20, 2011 at 08:02:04PM +0200, Pascal Bleser wrote:
(changed the Subject, more suitable, but still related to "iChain or iPain")
Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1].
[1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie
But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg.
Sorry to interrupt your fine rant, but the mod_auth_memcookie modules wasn't created by us. We just modified it a bit so that we can use mod_ldap to create a session.
I know, I found the original mod_auth_memcookie. It's a nice concept, I'm absolutely not arguing against the solution, at all. The rant (yes, it's a rant, sorry for the tone, but please extract the content in it) was about the fact that many architectural decisions, such as this one, or the technical design of the OBS itself, happens exclusively in a few offices in Nürnberg. I'm sure you can see that our community consists of many people, some of which have experience with such things, and ideas and know-how to contribute. Some actually do that kind of stuff for work. And might even have a lot more know-how about a particular topic than you do (or Adrian or myself or ...). I'm merely saying that such architectural discussions and brainstormings should happen in the public, not just in a very few Novell offices, because I'm sure that at least on some topics, there are a few people who can contribute. And they should happen early, not when everything has already been decided. In this particular case, I'm not arguing about mod_auth_memcookie, I'm arguing about 1) the initiative to replace ichain (which is awesome), 2) the brainstorming about what alternative SSO solution to use (and what you've picked seems like a good idea), 3) the decision on which solution to implement, have all happened behind closed doors. You may very well do this, of course, but then don't be surprised if no one contributes time and code. Because that just comes around as "here is what must be done, now do" and then complain "pfff community here, community there, but no one contributes". Wrong way around, IMHO. And I know it isn't easy, almost every good software engineer just jumps on an issue and tries to solve it by herself, rather than writing about it and exchange ideas with others. I've been and still will be guilty of the same shortcoming too. I hope my formulation is more useful like this, rather than as a rant :) cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf