On 6/30/2022 1:35 AM, Christoph M. Becker wrote:
On 29.06.2022 at 19:01, Jeff Grimes via pecl-dev wrote:
Hello Pecl.php.net <http://pecl.php.net/> developers!
My name is Jeff Grimes, <https://github.com/DareMightyThings> and I'm one
of the managers on the Protobuf
<https://github.com/orgs/protocolbuffers/people> team here at Google. We
are requesting a new PECL account that the Protobuf team can use to
maintain the protobuf package (https://pecl.php.net/package/protobuf).
The current maintainer for this package (stanleycheung) has agreed to
sponsor this request. Historically, Stanley's account has been used to
manage both the protobuf and gRPC packages at PECL. However, since these
packages are maintained by different teams at Google, we'd like to have
separate maintainers on PECL instead of sharing a single account and
password.
Please let me know if you are OK with creating this new account, and if the
proposed account details below look OK.
Username: google_protobuf
First Name: Google
Last Name: Protobuf
Need a php.net account [X]
Email Address: protobuf-packa...@google.com
Show email address []
Homepage: https://github.com/protocolbuffers
Purpose of your PECL account: Maintainer for 'protobuf' package
Sponsoring users: stanleycheung
Hi Jeff,
please fill out the form at <https://pecl.php.net/account-request.php>.
Do you really need a php.net account? For PECL, you get an pecl.php.net
account anyway, which is usually sufficient.
--
Christoph M. Becker
While we are on the topic of accounts on the list, the last time I
checked, PHP/PECL did not have two-factor authentication at the most
basic level of account access. We're talking about software that gets
deployed directly to millions of servers globally, so 2FA seems like the
most basic and reasonable account enhancement even if it is just bog
standard Authenticator TOTP support (RFC 6238).
Large companies like Google would probably appreciate/prefer SAML
integration so they can control who has access themselves via ADFS
security group assignments and configure one-click federated sign in via
Okta or similar. However, the SAML spec is a *massive* pain in the neck
to implement correctly and securely. Even SimpleSAMLphp is far from
"simple" and has had its fair share of security vulnerabilities over the
years.
--
Thomas Hruska
CubicleSoft President
CubicleSoft has over 80 original open source projects and counting.
Plus a couple of commercial/retail products.
What software are you looking to build?
--
PECL development discussion Mailing List (https://pecl.php.net/)
To unsubscribe, visit: https://www.php.net/unsub.php
