On Mon, Apr 06, 2020 at 04:09:38PM +0000, Luca Filipozzi wrote: > That said, please consider an approach that would see keycloak used as > an idenitity broker, allowing external users to create accounts using > social identities that are then promoted to full Debian identities (in > LDAP) if they complete the onboarding process. Could be used as > replacement for debsso, could be used for wiki, could be used for > debconf, could be used for salsa. I don't know keycloak: what are the maintenance costs, and what would be the benefits over time? Right now, with the proposal waldi just posted, we have very little to no added maintenance cost, possibly negative maintenance cost once we take sso.debian.org and the current handcrafted salsa subscription thing offline. The amount of code deployed compared to the status quo would go *down*. The user interface and user experience for the lot would be good and well known. Gitlab's codebase, while large and complex, is widely deployed, and we already have know-how about it in Debian. I would not want to see a workable proposal that we could implement over the next two weeks and that we have the resources to maintain long-term, blocked by something that risks getting us stuck with sso.d.o for another bunch of years until we get it right, and possibly ending up being maintained long term by a team with a dwindling bandwidth and bus factor. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature