OpenID yadda yadda yadda...

Martin Pool mbp at sourcefrog.net
Wed Mar 18 08:26:07 GMT 2009


2009/3/18 Ben Finney <bignose+hates-spam at benfinney.id.au>:
> Even better, though, would be to find as much of the participatory
> workflow in Launchpad that can be done *without* authentication
> cookies at all, and make it so. I think the BTS is a prime candidate
> for allowing open participation without requiring any authentication
> cookies at all, as demonstrated by the ongoing existence of such
> systems.

You can create an account with Launchpad, do the various rituals to
establish your email and gpg key, then forget your password and all
other cookies, and then do all future interaction with the bug tracker
only through email.  In other words you can treat the password as a
merely transient detail of the account creation process.

Having seen some of the chaos occasionally caused in debbugs by spam or
autoresponders accidentally closing or opening or mutating bugs, I
think requiring some amount of validation before you start doing stuff
is at least arguably reasonable.

I believe there is another bug open asking that for common new-user
interactions the account creation should be implicit.  At a technical
level there will be a Person database row or whatever.  But it will be
presented as, rather than needing to create an account as you file a
bug, it will just ask you for an email address as you file it and then
confirm it.  This would I think be even more useful on Questions where
the typical user is less likely to be technically advanced.  But in
the case of Questions it's also clear that there's little point
answering the question without some assurance the person will see the
answer.

>> > I participate via an interface that does not require any
>> > site-specific account, precisely to avoid that barrier.
>>
>> OpenID is not going to make a difference to whether you need a
>> Launchpad account in order to use Launchpad.
>
> That's not necessarily so, as the existence of successful auth-less
> BTSes demonstrates. It may be so because of decisions made, but those
> *are* decisions, not externally-imposed constraints.

I don't want to be pedantic, but James's statement is correct:
accepting OpenID is not going to make a difference to whether you need
a Launchpad account in order to [modify data in] Launchpad.  This is
pretty much just a matter of implementation.

Whether the system should be writable without any authentication is a
different question, really one of very high level design approach.
You can make such things but they do tend to have problems, which
would be a bit out of scope to discuss here.  I doubt if Launchpad
will change tack on this any time soon, and I don't think it's a
priority.

-- 
Martin <http://launchpad.net/~mbp/>


