Le vendredi 25 juin 2010 à 16:52 +1000, William Grant a écrit : > On Fri, 2010-06-25 at 08:42 +0200, Didier Roche wrote: > > Le vendredi 25 juin 2010 à 16:34 +1000, William Grant a écrit : > > > On Fri, 2010-06-25 at 08:28 +0200, Didier Roche wrote: > > > > Le vendredi 25 juin 2010 à 16:16 +1000, William Grant a écrit : > > > > > The code of the basic write implementation is simple. However, > > > > > difficulty arises when we consider that normal API applications > > > > > probably > > > > > shouldn't be able to touch other authentication tokens. It is intended > > > > > that one should be able to stop a rogue application by simple revoking > > > > > its OAuth token; if applications were permitted to add new SSH and > > > > > OpenPGP keys, they could add backdoors that would not be closed using > > > > > normal means. > > > > > > > > > > > > > My point is that people are already able to do to that with > > > > screenscrapping (see GoundControl for instance), I don't really > > > > understand why exposing those to API is more or less a security issue > > > > there when people click on "change everything". > > > > Or do you mean that adding gpg or ssh key writable to API is opening > > > > other backdoor than the site itself doesn't enable? > > > > > > If I give an application my SSO email address and password, I expect > > > them to be able to do anything at all. But applications aren't meant to > > > request that information -- one reason is that it's a lot harder to > > > revoke access granted that way, and those credentials have access to a > > > lot more than just Launchpad. OAuth is meant to be a solution to this. > > > > > > I think perhaps an additional access mode which permits alteration of > > > authentication tokens could work. We already need more flexibility in > > > that area. > > > > > > > Here is what GC does: > > it opens a browser windows embeeded in webkit widget to get the > > credential and cookie. It think from user point of view, they don't see > > the difference from that that regular launchpad applications that uses > > the API to open the request in a real webbrowser window. So my remark on > > the fact it's not real security. > > > > Well, I'm still puzzled and don't know what to do for Quickly: again, if > > I can work with you guys to have the "good way", like done with jml on > > gpg/ssh access last cycle, I'm all in favor for that. I just realized > > last cycle than hacking on LP was time consuming and quite hard when you > > don't know the rationale :) > > Applications should be able to mutate SSH and OpenPGP keys through the > API, if the user wants them to do so. But it needs to be an explicit > decision on the user's part to grant an application that extra > privilege; it undermines some of the security that OAuth provides, and > is completely undesirable for most applications. > > I envisage that Quickly should be able to request a token with access to > other authentication tokens, Launchpad will then confirm that the user > is OK with that, and everyone will live happily ever after (without > screenscraping). >
Ok, I'm all in favor for that solution. Now, how gets things moving? I can help as much as I can despite my very little knowledge on Launchpad (and hacking on it showed me that you have a lot of required knoledge first). Is it doable in your opinion to target that Quickly can get support (before maverick Feature Freeze) of those things: - pushing ssh key - pushing gpg key - download CoC and push signed one (yes, Quickly will make people read it before, don't be afraid) - create a ppa if none available Didier _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
