On 12.08.22 14:04, Sam Kuper wrote: > On Thu, Aug 04, 2022 at 10:26:25PM +0000, Felix Singer wrote: >> However, I have an idea for a solution. I took a look at the Redmine >> database and I played around with the Google login method. My tests >> showed that it creates a normal user account, as it is done with the >> registration, just with the little difference that no password is set >> disabling the login over password. These accounts also have an user >> name and an email address. As soon as I set a password, I was able to >> login using the user name. >> >> So, my idea is that we just go with these changes and affected users >> use the functionality to reset their password, which means they will >> have a "normal" user account then. In preparation to that version >> update, we should disable these login methods so that no new users will >> make use of them. >> >> Other ideas? What's your opinion?
Felix, I guess you know my opinion already: Whoever maintains the service should decide. If there's already a password database, responsibilities (e.g. to inform everybody in case of a breach) won't change. So it sounds like making password-based logins the only option would reduce chore on your end. And nobody objected, so please go ahead :) > > I'm a bit unclear what you are proposing. > > I'm also unclear whether, under your proposal, users without Google > accounts would be able to register or log in to the Redmine instance. > > Please can you clarify? Currently one can login either with OpenID, a Google account or with a password that is stored on our Redmine host. With the intended changes, everybody will have to use a password. Nico _______________________________________________ flashrom mailing list -- flashrom@flashrom.org To unsubscribe send an email to flashrom-le...@flashrom.org
