[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Review of personal information sources in Debian

On Wed, Aug 15, 2012 at 10:12:33AM +0100, Martín Ferrari wrote:

> > Indeed: nm.debian.org is currently the authoritative database for the
> > status of people contributing to Debian, and it already tracks, for
> > example, DMs and people with guest account.
> This is news for me, and it looks like a very useful starting point.
> And it just made me discover sso.debian.org, that's great news too!

:) I'm sorry I'm far too busy working on the site and on other FD/DAM
things to be able to publicise it properly. Consider this an open call
for help O:-)

> I couldn't see what the NM site allows me to do (I created a password
> in db.debian.org, but it seems to take some time to propagate, adding
> this info to the login page might be useful). But I concur that
> managing one's identity would be good. I'd also add to that a way of
> managing the different email addresses associated, because that's the
> main problem I see for integrating different sources of information
> about one person. Currently, many tools in Debian still don't
> recognise that tincho@ and martin.ferrari@ are the same person.

Indeed. Currently once you log in nm.d.o you can see more information,
advocate people or do AM work if you are an AM. Login is restricted to
DDs because that's how DACS works at the moment, but I'm trying to
figure out how to change that.

I'd like to add a 'preferences' page where one could do some identity
management. I want to avoid having nm.d.o be the primary data source for
anything except the status of people in Debian, and I'd rather hook into
other existing databases whenever possible.

In terms of managing one's visible full name, for example, this means
that I was planning to just allow people to choose which of the various
full names they have in Debian (for example, the primary UID on their
GPG key) should be the default on the site.

The multiple email situation can be addressed by interfacing with the
MIA database, which already tracks this kind of information, of course
after a little discussion on what bits of it can be publicly exposed and
what shouldn't.

Then, once the site shows things right, a REST API can take care of
allowing the information to be reused by other bits of Debian.

> > Code is at http://anonscm.debian.org/gitweb/?p=nm/nm2.git;a=summary
> > What did you have in mind?
> Something very similar to this, but I thought I would have to rely on
> alioth. Having this information in the main LDAP tree is much better.

Sure, with the limitation that we currently do require legal names on
LDAP, and that people may prefer to use something else for their online,
google-searchable persona. Could there be a 'public name' field in LDAP?
I haven't tried figuring that out yet.

Also, at the moment LDAP is only for people with an account on Debian
machine: DDs and guest accounts. Even most DMs don't have an LDAP entry,
for example.

I think we need some free-registration identity provider, and we can use
Alioth, or even identi.ca via oauth. We've started discussing details
with DSA and Alioth admins, but haven't found a workable solution yet.

> What is not completely clear to me is how people get in there in the
> first place. I see the LDAP directory now has ou=users, but I didn't
> find instructions in the NM site. The other thing is that I don't see

Here are the details: http://lists.debian.org/debian-project/2010/09/msg00026.html

> anything that would encourage people to create an account unless they
> want to start the NM process. I don't know if this is intended to be
> that way or not, but what I envision is a database where all
> contributors could be found, specially contributors that are hidden in
> the deep dark corners of the project.

Definitely. That's what I meant when I mentioned using Alioth, or even
identi.ca, as an extra identity provider: anyone can register there.

> > P.S.
> > I did see your blog entry and wanted to get in touch, then I got
> > sidetracked by other things. It's great you got in touch!
> Great. Do you have any thoughts to share on that?

I think we need what you propose, and it fits perfectly with what I had
in mind in my (and Francesca's) blog post you quoted[1].

In terms of implementation, I see an overlap with nm.debian.org,
portfolio.debian.net and db.debian.org.

I hope I'm not frustrating your coding plans by saying this, but my
suggestion would be, before you go beyond prototypes and mockups and get
into serious site development, to have a quick round of discussion to
see if they could be implemented as new parts of existing
infrastructure instead.

For example, NM applicants already have to write a public bio. I was
already thinking of adding a special field for that in nm.d.o, which
means it'd automatically get posted to debian-newmaint when an applicant
is approved, and it would save AMs some more work. The same bio could be
shown on the person's personal page, and they could keep it up to date
over time. That could become the bio that's shown in your mockup.

I was also already thinking of adding alternate emails from MIA to
nm.d.o, which would improve the portfolio and DDPO links and the default
minechangelogs search.

The only information we would then miss would be badges and stats. I
guess that, for those, what we most need is a way of collecting them: a
standard REST API that various pieces of Debian infrastructure can
implement, perhaps?

Once the data is collected, where it is displayed becomes a detail: it
could be a stand-alone site linked by nm.d.o and portfolio.d.o, it could
be nm.d.o itself, or both. I guess that boils down to what technologies
whomever is doing the work is comfortable working with.

Regardless of the final implementation, I think network APIs are a must,
so that even if you make your own website, I can still easily show
badges on nm.d.o pages if I feel like, and you can get personal info
from nm.d.o without needing to keep your own database in sync.

> > P.P.S.
> > Have you seen https://wiki.mozilla.org/Badges ?
> Hah, no. I didn't know about that! It looks very nice, and it's a very
> similar concept. Although it probably doesn't make much sense in
> trying to integrate with them.

I was looking at it mainly as a standard protocol to handle badge
information. Even if we don't care about integrating with them, what
would you think of just reusing their technology?

> Also, it's not like this is a great idea that came to me overnight. We
> have something very similar in spirit at work, and that's where my
> idea came from.

Sure, and no matter where it comes from, I think it's a good idea, it's
great that you're working on taking it to Debian.



[1] http://www.enricozini.org/2012/debian/more-diversity-in-skills/
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: Digital signature

Reply to: