On Thu, May 31, 2012 at 05:00:48PM +0900, Stephen J. Turnbull wrote: > Richard Wackerbarth writes: > > Stephen, > > > > "social_auth" is a django "app" (Think library) that handles > > OpenID, BrowserID, Google, Twitter, etc. authentication. > > Yeah, I think all the mentors and most of the other subscribers here > can figure that out. The questions are "which one?" (just an URL will > do) and "why this one?" (ie, what are the design requirements and how > does this app compare to the alternatives in meeting them?) > > Requirements and design are important, and the GSoC developers (== > students) should be doing this work and reporting on it IMO. > > > It is with the DRY principal in mind that I think we should "wrap" > > it to make a common login manager app that will be used by both HK > > and postorius. > > Again, I think we all agree on that. My question is, that implies a > set of requirements sufficient for both HyperKitty and Postorius. Why > do we believe that such a set of requirements is known, and satisfied > by the design? And how about Alex's NNTP access? If access to the > archives is to be authenticated, then we would want the NNTP access to > be authenticated, and consistent with HyperKitty. Can a Django > authentication system do that? Can social_auth? > > Aamir is explicitly working on HyperKitty. While it makes a whole lot > of sense for him to generalize the authorization module to Postorius > (and one would hope beyond), this does require communication with the > people doing Postorius. If he's talked to them and believes there's > agreement on requirements, all I want to see is "I've talked to > Florian on IRC about Postorius requirements for authorization, and we > agree that they have the same requirements (see my blog)." Of course > he's welcome to post as much detail as he likes! > > By the way, I think we should let the developers speak for themselves. > I don't have any objection to developers getting a lot of help from > mentors, but they should be able to present and to some extent defend > their own work. If there's a language issue -- AFAIK none of our > students are native English speakers -- they should feel free to say > so, too, and we'll work that out. > I think that the mailing list is one of the public places where GSoC students should be soliciting feedback and discussion. So they should be posting half-baked ideas here to get them more fully developed with the help of other contributors. Florian wasn't available on IRC yesterday when Aamir and wacky discussed how to design the authentication so that both postorius and hyperkitty could use it so I asked Aamir to get in touch with him via email "and the list" because I wanted to know what Florian thought of this architecture and it seemed to me that others would as well. No sense having that conversation via private email and then reporting to the list (and getting more feedback from others then) if the discussion could happen on the mailing list in the first place.
That said, there probably is a little bit of a language (or perhaps open source cultural) issue going on as well. Aamir, it'd be great if you could post some more information about this app, how it works, and how it integrates with the stuff that postorius uses already. And it would also be great if you made sure to mention that you were looking for Florian's input specifically :-) -Toshio
pgp2nM8IS5Ljj.pgp
Description: PGP signature
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9