Re: New nm.debian.org site is up!

2012-03-07 Thread Goswin von Brederlow
Enrico Zini enr...@enricozini.org writes:

 On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote:

 On Tue, March 6, 2012 13:55, Enrico Zini wrote:
  You should be hearing more about this (and about what is a Debian web
  password) soon :)
 
 Great. Can you tell us something more about that or can we read some
 discussion somewhere? I'm interested since I've been doing a lot with web
 auth protocols so I'd like to see if my experiences align with the plans.

 The idea is to get DACS to work:
 http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS)
 but we're talking experiments here and I'm not yet sure if/when it'll
 actually happen.

 The advantage of DACS is that the webapp behind it doesn't get to know
 the password one has entered, so for example I can't set up the nm.d.o
 webapp to log cleartext passwords and steal your accounts. That's why,
 although I could probably set up the site to authenticate using Debian's
 LDAP, if I did that then DSA would (rightfully) want to have a violent
 word with me.


 To many of us non-Americans the concept of a middle name may be unknown:
 most persons here have between one and five given names and a surname;
 there's no such thing as any name being the 'middle' one, many people have
 just one and of course we all know at least one person without even a
 first name.
 
 The split between first/middle/last adds in my opinion no value for the NM
 website - this is confirmed by the code which uses those fields only to
 form the fullname attribute and to display them in the person info table.
 Let's just simplify and make the name one string in the data model. If you
 agree I can see to create a patch.

 I agree 'middle name' is very culture specific, and even the distinction
 between first and last name tends to be: we spent some time making sure
 we deal correctly with Wookey, Intrigeri and Bertagaz, for example.

 However, that information is collected because we use it to feed
 Debian's LDAP database when the account is created, and the standards of
 LDAP schemas used in Debian and in pretty much any LDAP deployment
 mandate that distinction.

 Currently the burden of AMs to fill up the first/middle/last name fields
 and it could lead to confusion, for example when an AM isn't used to the
 Hispanic tradition of having multiple first and last names, or one
 doesn't know whether the applicant is from a culture that shows the last
 name first. One can ask of course, but it seems that not many do.
 Because of this I'm planning to let the applicant fill up those fields
 by themselves when applying.

 Sorry about the digression. To go back to the 'middle name' coming
 across as confusing, what I could do is to hide the middle and last name
 fields when not used, and only show them in the edit form. Would that
 make more sense?


 Ciao,

 Enrico

As a point of reference my full name is Hans Henning Goswin von
Brederlow. Brederlow is my last name. Or should that be von
Brederlow or Brederlow, von? And yes, I've seen all 3 being used in
RL. Hans would be my first name but Goswin is what people call me
(my Christian name?). So would I put Goswin as my first name and Hans
Henning as middle name? Where do I put the von?

So you see even for the applicant this is difficult to fill in.

Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna.

MfG
Goswin


-- 
To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87pqcox18w.fsf@frosties.localnet



Re: New nm.debian.org site is up!

2012-03-07 Thread Thijs Kinkhorst
On Wed, March 7, 2012 00:36, Enrico Zini wrote:
 On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote:

 On Tue, March 6, 2012 13:55, Enrico Zini wrote:
  You should be hearing more about this (and about what is a Debian web
  password) soon :)

 Great. Can you tell us something more about that or can we read some
 discussion somewhere? I'm interested since I've been doing a lot with web
 auth protocols so I'd like to see if my experiences align with the plans.

 The idea is to get DACS to work:
 http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS)
 but we're talking experiments here and I'm not yet sure if/when it'll
 actually happen.

 The advantage of DACS is that the webapp behind it doesn't get to know
 the password one has entered,

That's of course not really an advantage of DACS but of any 'webSSO'-type
federated authentication system. :-) DACS surely sounds like a fit
candidate although I haven't actually installed it myself.

From my view it seems like SAML 2.0 (a protocol, not a specific type of
software; called 'Shibboleth' by some) is going in the direction of being
the 'new standard' though, so that may be something to consider. Advantage
of a widely-used system is that plugins or methods may already exist for
your existing software, e.g. RT.

 To many of us non-Americans the concept of a middle name may be unknown:

 I agree 'middle name' is very culture specific, and even the distinction
 between first and last name tends to be: we spent some time making sure
 we deal correctly with Wookey, Intrigeri and Bertagaz, for example.

 However, that information is collected because we use it to feed
 Debian's LDAP database when the account is created, and the standards of
 LDAP schemas used in Debian and in pretty much any LDAP deployment
 mandate that distinction.

I'm not so sure about that. In the deployments I've seen there's usually
the givenName, sn (common name) pair, something with initials; and the cn
(common name, the full name or usual name someone goes by).

As we're Debian I've checked the core schema as shipped with Debian
openldap and this defines those attributes and as far as I can see doesn't
create a concept of middle name.

I would find it reasonable for the Debian LDAP to only carry the cn as
this accommodates the possible uses Debian has for this data, it
accommodates people with one-word names and in my eyes yields just what you
want: a string representation of the common name someone goes by. If more
distinction of the last name is required for some reason, givenName + sn
will allow that. In any case I don't yet see why there's a need to add a
middleName as a field.


Cheers,
Thijs


Archive: 
http://lists.debian.org/3bf4c9ab653a5726c4efcebca9730bb7.squir...@wm.kinkhorst.nl



Re: New nm.debian.org site is up!

2012-03-07 Thread Enrico Zini
On Wed, Mar 07, 2012 at 09:29:35AM +0100, Goswin von Brederlow wrote:

 As a point of reference my full name is Hans Henning Goswin von
 Brederlow. Brederlow is my last name. Or should that be von
 Brederlow or Brederlow, von? And yes, I've seen all 3 being used in
 RL. Hans would be my first name but Goswin is what people call me
 (my Christian name?). So would I put Goswin as my first name and Hans
 Henning as middle name? Where do I put the von?
 
 So you see even for the applicant this is difficult to fill in.
 
 Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna.

Thank you for your insightful feedback, but as I mentioned in my
previous email, we need to feed LDAP which uses RFC2798[1], which
defines the fields we should fill up.

Take your patronising sarcasm to IETF if you must, but please keep it
away from here.

[1] http://www.ietf.org/rfc/rfc2798.txt


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org




Re: New nm.debian.org site is up!

2012-03-07 Thread Goswin von Brederlow
Enrico Zini enr...@enricozini.org writes:

 On Wed, Mar 07, 2012 at 09:29:35AM +0100, Goswin von Brederlow wrote:

 As a point of reference my full name is Hans Henning Goswin von
 Brederlow. Brederlow is my last name. Or should that be von
 Brederlow or Brederlow, von? And yes, I've seen all 3 being used in
 RL. Hans would be my first name but Goswin is what people call me
 (my Christian name?). So would I put Goswin as my first name and Hans
 Henning as middle name? Where do I put the von?
 
 So you see even for the applicant this is difficult to fill in.
 
 Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna.

 Thank you for your insightful feedback, but as I mentioned in my
 previous email, we need to feed LDAP which uses RFC2798[1], which
 defines the fields we should fill up.

 Take your patronising sarcasm to IETF if you must, but please keep it
 away from here.

 [1] http://www.ietf.org/rfc/rfc2798.txt


 Ciao,

 Enrico

Sorry to offend, that wasn't my intention.

MfG
Goswin


Archive: http://lists.debian.org/87399j7k0t.fsf@frosties.localnet



New nm.debian.org site is up!

2012-03-06 Thread Enrico Zini
Hello,

as promised in [1] and after meeting at [2] we finally have enough
functionality on the new nm.debian.org website implementation that we
can replace the old site. And we have done it.

This means that https://nm.debian.org is now LIVE with the new code!

There have been many long-due changes with the rewrite, here is a list
with a summary of what it means in practice.


 * The backend database has been fully redesigned

The new database can finally function as the main and authoritative
source of information about Debian membership, so now DAMs have proper
tools for their work. Also, we can finally have a proper, reliable
source of information on what is the status of people in the project.

Support for DMs and non-uploading DDs: the new DB can be used to track
progress for all sorts of status changes in Debian: none-DM, none-DD,
DM-DD, emeritus-DD, non-uploading-uploading, guest accounts, and
hopefully anything that will come up in the future. Note that this is
still not reflected in the interface.

Log-based progress tracking: instead of having fixed steps for progress
in NM like PP or TS, now there is a free-form log where one can enter
anything. That allows AMs to work more freely and to have a
finer-grained tracking of progress.

We should have managed a pretty decent conversion of data from the old
to the new database, but there could be artifacts: if you notice them,
please let us know.

Also, if you wonder why the interface shows that lots of work happened
at midnight, that is because the old database only supported dates,
while the new one supports timestamps, so the old dates all ended up
with timestamps at around midnight during the conversion.


 * New authentication system

The authentication is now done through Apache. As a start, we are
running on an htpasswd generated with the old AM passwords. But in the
future, we should be able to move to a system where you can just log in to
nm.debian.org with your normal Debian (web) password. You should be
hearing more about this (and about what is a Debian web password) soon
:)


 * https://nm.debian.org/am/amstatus/ (formerly amstatus.php) is now
   log-based

For AMs, the big form to fill in with applicant status is gone, replaced
by a simple form that posts progress updates and text entries to the
process log.

There are handy shortcut buttons that will prefill the form for you, so
you get both convenience and examples on how it works.

The old, confusing 'approved=no' to mean 'on hold' is finally gone,
replaced by proper interface support for putting people on hold and
back.


 * The Join NM interface is still missing

Sorry about that, it will come soon. For now you can join via email:
please see the checklist at https://nm.debian.org/


 * NM Committee definition changed

The NM CTTE definition changed from AMs who approved someone in the
last 6 months to AMs that had an applicant become DD in the last 6
months. That is mostly for ease of computation.

It should not change much, but it's worth documenting. If you think this
is wrong for some good reason, let us know at nm.debian.org


 * https://nm.debian.org/public/nmstatus/ (formerly nmstatus.php) has
   less info than before

This is temporary. The log-based progress tracking lends itself to
having more sensitive information in the logs, which we don't feel we
should disclose publicly by default.

We're working on a way to give applicants a personal secret token they
can use to access the full version of the page.


 * URLs changed

We have set up redirects from the old pages to the new ones, although
some things just do not map. If this breaks links from pages like DDPO
or DDPortfolio, please get in touch and we can help crafting new links.


 * Helping with development

Following good Debian practices, the code for the new site is linked at
the bottom of every page; however because the nm database contains
sensitive information, we cannot provide a full database export one can
use to deploy a development version of the site locally.

We'll work on a mock database ASAP, though, which is also needed for
unit tests, so if you would like to play with the code, drop us a mail
and we'll get back to you when it is available.


We hope the transition won't be too rough for you: please use
debian-newmaint@lists.debian.org or n...@debian.org if you need help.


For Front Desk,
Enrico


[1] http://lists.debian.org/debian-newmaint/2012/02/msg00051.html
[2] http://wiki.debian.org/BSP/2012/03/de/Moenchengladbach
    many thanks to credativ for hosting and feeding us during the week-end!

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org




Re: New nm.debian.org site is up!

2012-03-06 Thread Thijs Kinkhorst
Hi Enrico,

Thanks for the new website! From the first look, it already seems to do
nearly everything that I need :-)

On Tue, March 6, 2012 13:55, Enrico Zini wrote:
 You should be hearing more about this (and about what is a Debian web
 password) soon :)

Great. Can you tell us something more about that or can we read some
discussion somewhere? I'm interested since I've been doing a lot with web
auth protocols so I'd like to see if my experiences align with the plans.

 * Helping with development

 Following good Debian practices, the code for the new site is linked at
 the bottom of every page;

OK, I've got the first request right here. The site insists on displaying
names of AM's and NM's divided between First, Middle and Last name (e.g.:
at the top of https://nm.debian.org/am/amprofile).

To many of us non-Americans the concept of a middle name may be unknown:
most persons here have between one and five given names and a surname;
there's no such thing as any name being the 'middle' one, many people have
just one and of course we all know at least one person without even a
first name.

The split between first/middle/last adds in my opinion no value for the NM
website - this is confirmed by the code which uses those fields only to
form the fullname attribute and to display them in the person info table.
Let's just simplify and make the name one string in the data model. If you
agree I can see to create a patch.


Cheers,
Thijs


Archive: 
http://lists.debian.org/37c594870515fe71c10b36586f9bd5c8.squir...@wm.kinkhorst.nl



Re: New nm.debian.org site is up!

2012-03-06 Thread Enrico Zini
On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote:

 On Tue, March 6, 2012 13:55, Enrico Zini wrote:
  You should be hearing more about this (and about what is a Debian web
  password) soon :)
 
 Great. Can you tell us something more about that or can we read some
 discussion somewhere? I'm interested since I've been doing a lot with web
 auth protocols so I'd like to see if my experiences align with the plans.

The idea is to get DACS to work:
http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS)
but we're talking experiments here and I'm not yet sure if/when it'll
actually happen.

The advantage of DACS is that the webapp behind it doesn't get to know
the password one has entered, so for example I can't set up the nm.d.o
webapp to log cleartext passwords and steal your accounts. That's why,
although I could probably set up the site to authenticate using Debian's
LDAP, if I did that then DSA would (rightfully) want to have a violent
word with me.


 To many of us non-Americans the concept of a middle name may be unknown:
 most persons here have between one and five given names and a surname;
 there's no such thing as any name being the 'middle' one, many people have
 just one and of course we all know at least one person without even a
 first name.
 
 The split between first/middle/last adds in my opinion no value for the NM
 website - this is confirmed by the code which uses those fields only to
 form the fullname attribute and to display them in the person info table.
 Let's just simplify and make the name one string in the data model. If you
 agree I can see to create a patch.

I agree 'middle name' is very culture specific, and even the distinction
between first and last name tends to be: we spent some time making sure
we deal correctly with Wookey, Intrigeri and Bertagaz, for example.

However, that information is collected because we use it to feed
Debian's LDAP database when the account is created, and the standards of
LDAP schemas used in Debian and in pretty much any LDAP deployment
mandate that distinction.

Currently the burden of AMs to fill up the first/middle/last name fields
and it could lead to confusion, for example when an AM isn't used to the
Hispanic tradition of having multiple first and last names, or one
doesn't know whether the applicant is from a culture that shows the last
name first. One can ask of course, but it seems that not many do.
Because of this I'm planning to let the applicant fill up those fields
by themselves when applying.

Sorry about the digression. To go back to the 'middle name' coming
across as confusing, what I could do is to hide the middle and last name
fields when not used, and only show them in the edit form. Would that
make more sense?


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org




Re: New nm.debian.org site is up!

2012-03-06 Thread Goswin von Brederlow
Enrico Zini enr...@enricozini.org writes:

  * NM Committee definition changed

 The NM CTTE definition changed from AMs who approved someone in the
 last 6 months to AMs that had an applicant become DD in the last 6
 months. That is mostly for ease of computation.

 It should not change much, but it's worth documenting. If you think this
 is wrong for some good reason, let us know at nm.debian.org

Maybe this should be changed to the last 5 still active AMs that had an
applicant become DD plus any that had one become DD in the last 6
months. That way the NM Committee would be harder to lose all its
members. But let's hope that is a pathological case.

MfG
Goswin


Archive: http://lists.debian.org/87399kyihf.fsf@frosties.localnet