OpenID yadda yadda yadda...

[Stephen J. Turnbull]

Martin Pool writes:

 > So you can participate with Launchpad (at least as regards bugs)
 > entirely using email, with the exception that you cannot establish
 > your identity solely through email, as far as I know.

???  When I set up my Launchpad account, it sent me email, and that
was how I established my identity.  You still don't know whether I'm a
dog or a cat ... of course I'm human<nyao!>

But I imagine Ben *wants* to use a browser, because LNSFOB
(Launchpad's Not SourceForge OR Bugzilla).  Clicking on buttons
requires little study, but using an email interface does (quick! how
do you add/remove yourself from an issue's nosy list by email? don't
tell me you had to log in to Launchpad to find out ;-).

 > Being an OpenID consumer would be useful.  However there are some
 > things Launchpad needs to do that are not (afaik) in the scope of
 > openid, including getting a password and/or gpg key, and getting a
 > verified mail address.

That's true.  OpenID does nothing but establish an identity token.
However, once that has been established, everything else can be hung
off that.  Even verifying the mail address is acceptable to Ben, I
imagine, because he just clicks on a link in the message, or replies
by mail to the message.  Now that address is verifiably linked to the
ID.  The point is that all the bookkeeping is Not Ben's Problem[tm].

I believe that OpenID 2.0 at least does provide some facilities for
things like mail addresses to be conveyed.  However those can probably
be manipulated by the ID owner (eg, claiming to have somebody else's
mailing address to get them on a mailing list).  I don't think that's
a problem (since it comes with the ID, either the owner or the OpenID
provider done it), but if it is, many OpenID IDs are derived from the
user's mailing address in a canonical way such as

    http://openid-provider.example.com/login-id-and-mailbox

For providers like Google and Yahoo, it would be worth special-casing
those, and requesting verification if the user's ID is not known to be
linked to a mailbox, or she wants a different mailbox used.

 > It would also be nice if Launchpad automatically trusted gpg
 > signatures from people with reasonably well-connected keys, and also
 > implicitly created records for people who want to open bugs without
 > explicitly creating an account.

If you do that, make sure there's a way for users with multiple email
addresses and/or GPG keys to coalesce their autobogotified accounts!

 > There is a working assumption that users must have a verified mail
 > address: if someone files a bug developers will probably want to get
 > in touch with them for more information or to tell them it's closed.
 > That mail should be verified so that forged mail doesn't cause
 > excessive backscatter,

This can be handled by posting the report (or quarantining it for a
human moderator) but not enabling mail to the reporter until they
confirm.

 > You can think of counterexamples like useful mail from people who then
 > disappear, or users might poll the bug page rather than wanting mail
 > back.

Moderating reports with unconfirmed return addresses handles The Case
of the Disappearing User, and having a "please notify me" confirmation
link *and* a "no thanks, I'll poll the bug page" link handles the
Mail-Haters Anonymous types.

This just isn't that hard to deal with.  Ben Tilly once told me "there
are a half-dozen tweaks in my company's web interface that increased
our revenue by 45%, but I'll bet you couldn't identify one just by
looking at the page."  I'm now beginning to understand what kind of
thing he meant.  Really, y'all ought to do this.