On 06/28/2017 02:04 PM, Bryan Richter wrote:
> While poking around the admin panel for git.snowdrift.coop's githost
> account, I found that I can enable GitHub OAuth.
>
> I've already turned it on as an experiment. Should we leave it on?
>
> Pros:
> - New devs, who probably already have GitHub accounts, can easily
>   create an account on git.snowdrift.coop. Less friction.
>
> Cons:
> - GitHub knows when these people sign in to git.snowdrift.coop.
> - OAuth login is not compatible with two-factor auth.
>
> I think the pros outweigh the cons. Creating an account is the "hard"
> part... enabling passphrase login and two-factor auth can be done
> later.
>
> I have put a message listing the cons on the login page. You can see
> it quickly by viewing https://git.snowdrift.coop/users/sign_in in a
> private/incognito window.
>
> Any thoughts or feedback?
>
> P.S. Amusingly, we can also use git.snowdrift.coop *as an OAuth
> provider*, if we wanted to use it to log in to other sites...

Interesting. Anyone making commits that get to master will be mirrored
to GitHub anyway. Anyone who cares about being free of GitHub can still
do that.

I think that allowing it with qualifications and not treating it as the
default sounds good. I would object to Facebook or something like that
because (well, not sure that's OAuth even) Facebook is a more deeply
horrible company. GitHub is at the level where I like acknowledging
known issues and then maximizing participation from both of two groups:
those who would be upset at us fully embracing GitHub (like just using
GitHub directly) and those who will be turned off by barriers to entry
(such as not using GitHub directly).

I think qualified GitHub OAuth is an excellent balance.
