OpenID yadda yadda yadda...
Martin Pool
mbp at sourcefrog.net
Thu Mar 12 01:44:03 GMT 2009
2009/3/12 Ben Finney <bignose+hates-spam at benfinney.id.au>:
>> On Tue, Mar 10, 2009 at 07:05:33PM +1100, Ben Finney wrote:
>> > I hope this is useful to whoever needs to know about it. I would
>> > submit a bug report, but unlike this mailing list it requires me
>> > to manage a separate authentication identity.
>> I agree this one of the major problems of Launchpad, and it would be
>> much appreciated if they allowed e.g. OpenID authentication or
>> something like that.
>
> Or even if one could participate entirely via email without setting up
> any explicit site-specific account, just as one can with e.g. the
> Debian bug tracker.
So you can participate with Launchpad (at least as regards bugs)
entirely using email, with the exception that you cannot establish
your identity solely through email, as far as I know.
Once you do that, you can set a gpg key and from then on interact with
your bugs only through email. Signed email for sensitive operations
like changing state; plain mail for everything else. I think you
could perfectly happily then delete the cookie from the browser and
forget your password.
Being an OpenID consumer would be useful. However there are some
things Launchpad needs to do that are not (afaik) in the scope of
openid, including getting a password and/or gpg key, and getting a
verified mail address.
It would also be nice if Launchpad automatically trusted gpg
signatures from people with reasonably well-connected keys, and also
implicitly created records for people who want to open bugs without
explicitly creating an account.
There is a working assumption that users must have a verified mail
address: if someone files a bug developers will probably want to get
in touch with them for more information or to tell them it's closed.
That mail should be verified so that forged mail doesn't cause
excessive backscatter, and so that the bug tracker doesn't fill up
with spam as bugs.debian.org sometimes has.
You can think of counterexamples like useful mail from people who then
disappear, or users might poll the bug page rather than wanting mail
back. There are also ways to get around sites that want registration
and in a way it's ok if that remains as a side alley.
--
Martin <http://launchpad.net/~mbp/>
More information about the bazaar
mailing list