you can help triage bzr bugs

Ben Finney ben+bazaar at benfinney.id.au
Thu Dec 3 01:16:21 GMT 2009 

Martin Pool <mbp at canonical.com> writes:

> I don't think playing "guess what my objection is now" in
> mostly-irrelevant threads is really what Bertrand Russell had in mind.

I appreciate your frustration; I hope you can appreciate that I don't
raise this gratuitously, but only to correct fallacies like “anyone can
play” when they arise. I also only bother to raise the issue (and
maintain awareness of it) because there seems to be some hope of it
being addressed satisfactorily.

As for “guess the objection”, I've tried to be consistent and clear
about this, but for whatever reason the message isn't getting through.
It is not, nor has it ever been, about the effort of setting up an
account. It is not, nor has it ever been, about remembering credentials.

Rather, the objection is to the chronic cognitive and administrative
load of securely *managing* an extra set of site-specific authentication
credentials:

Ben Finney <ben+bazaar at benfinney.id.au> writes:

> I don't understand from this description whether this requires having
> authentication credentials at Launchpad. Would access to those
> credentials allow a person to assume the identity of that account at
> Launchpad?

(Is this true for Launchpad? I'm still not clear on that.)

> If it does, then it then falls to me to either manage the credentials
> to my Launchpad account securely, or fail to do so. That unattractive
> set of options is precisely what I don't want.

In other words, the presence of a set of site-specific credentials, that
allow the possessor to assume my identity at that site, is an ongoing
burden on the person, cumulative (perhaps even exponential) for each
additional such site, to manage those credentials securely, for as long
as that account exists.

That's a burden I reject for just about any new site (into which
category Launchpad falls, for me), since I already have an existing
burden of many such credentials to manage, and options *without* that
cumulative burden are available if the site administrators choose to
implement them.

Martin Pool <mbp at canonical.com> writes:

> I agree that per-site accounts are a bit annoying, though today OpenID
> has deficiencies too.

Definitely, no disagreement on that point.

> I do find it hard to imagine how someone could strictly avoid them
> these days though and still use the Internet at all.

I stick to the ones I already have, and work actively to reduce the set
to a manageable level.

> So maybe you could put up a webpage somewhere (or find one you agree
> with) explaining the problem with web app accounts, or with
> Launchpad's implementation of it in particular. Then each time you
> feel the urge to mention it on this list, you can just give the URL,
> and we can see what persuasive power it has on their developers.

I will try to find such an explanation, though the variety of
misunderstandings I encounter has far exceeded my expectations so I'm
not sure such a page will obviate individual responses.

-- 
 \        “It is seldom that liberty of any kind is lost all at once.” |
  `\                                                       —David Hume |
_o__)                                                                  |
Ben Finney

More information about the bazaar mailing list