Re: [gentoo-dev] [kde overlay] Up for grabs: dev-util/arcanist

2020-05-19 Thread Andreas Sturmlechner
On Tuesday, 19 May 2020 21:47:51 CEST Gerion Entrup wrote:
> I use this tool for my work. Is it in a fashion to push it to gentoo.git?
> If yes, I can proxy maintain it.
> 
> If I get it right, there is not real installation, but only "copy all in opt
> and symlink the binary". Is is meaningful to make a fake version like
> arcanist-2020.05.19?
> 
> Gerion

Actually, I forgot that it is one of those upstreams not doing releases at 
all. Rather than inventing versions or having a -only package in 
gentoo.git, the best place would be guru overlay for it:

https://wiki.gentoo.org/wiki/Project:GURU

signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-dev] [kde overlay] Up for grabs: dev-util/arcanist

2020-05-19 Thread Gerion Entrup
Am Dienstag, 19. Mai 2020, 15:56:53 CEST schrieb Andreas Sturmlechner:
> KDE project has moved away from the unloved Phabricator instance to GitLab 
> (invent.kde.org), so there is no reason for us to keep this package in kde 
> overlay for much longer.
> 
> If for some reason you still rely on kde overlay providing this package, 
> consider picking it up now and maintain it in gentoo.git or your own place.
> 
> Regards,
> Andreas

I use this tool for my work. Is it in a fashion to push it to gentoo.git?
If yes, I can proxy maintain it.

If I get it right, there is not real installation, but only "copy all in opt 
and symlink the binary".
Is is meaningful to make a fake version like arcanist-2020.05.19?

Gerion


signature.asc
Description: This is a digitally signed message part.


[gentoo-dev] Last-rites: sci-chemistry/nmrdepaker

2020-05-19 Thread Andreas Sturmlechner
# Andreas Sturmlechner  (2020-05-19)
# Stuck on Python 2 and pygtk, last revdep on dev-python/matplotlib[gtk2],
# last release in 2011, bug #705650. Masked for removal in 30 days.
sci-chemistry/nmrdepaker

signature.asc
Description: This is a digitally signed message part.


[gentoo-dev] [kde overlay] Up for grabs: dev-util/arcanist

2020-05-19 Thread Andreas Sturmlechner
KDE project has moved away from the unloved Phabricator instance to GitLab 
(invent.kde.org), so there is no reason for us to keep this package in kde 
overlay for much longer.

If for some reason you still rely on kde overlay providing this package, 
consider picking it up now and maintain it in gentoo.git or your own place.

Regards,
Andreas

signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Samuel Bernardo
On 5/19/20 7:47 AM, Michał Górny wrote:
> Do you have any specific solution in mind?
>
> [1] https://gitweb.gentoo.org/archive/proj/identity.gentoo.org.git/

I would suggest for SSO an implementation like the following with LDAP
provider:

https://github.com/Luzifer/nginx-sso/wiki/Auth-Provider-Configuration




signature.asc
Description: OpenPGP digital signature


[gentoo-dev] Initial version of gander/goose statistics up for testing

2020-05-19 Thread Michał Górny
Hi,

We've deployed the initial work-in-progress version of gander/goose
(formerly known as gentoostats) for testing.  The goal right now is to
establish whether it would work rather than collect useful statistics. 
However, all interest and testing would be appreciated.

Few notes:

1. The client currently collects @world packages and profile, nothing
more.

2. Stats are updated daily, and discarded after one week.

3. There is a known bug that prevents resubmitting stats when they're
about to be removed.  So right now you can roughly resubmit every
8 days.

4. If there are only a few users, the risk of guessing who submitted
what is pretty high.  Bear that in mind.


To submit:

emerge gander
gander --setup
gander --submit

You can also use --make-report to see what would be submitted.  There is
no cron setup at the moment (see also point 3. above).


To view:

https://anser.gentoo.org/stats.json


Sources:

https://github.com/mgorny/gander
https://github.com/mgorny/goose


Please let me know what you think of it.

-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part


Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Lars Wendler
Hi Alec,

On Mon, 18 May 2020 18:42:24 -0700 Alec Warner wrote:

>TL;DR: What if we launched id.gentoo.org, an identity provider that
>provides authentication for Gentoo properties? Basically, 1 username /
>password for wiki, bugs, email, forums, and any other http
>service[0][1].
>
>Today Gentoo has numerous systems that mostly work in a segmented way.
>
> - To connect to hosts, we use ssh keys.
> - Git is authenticated via ssh keys.
> - Email uses LDAP passwords.
> - Bugzilla has its own identities, with their own passwords.
> - Wiki is separate, with its own passwords.
> - Forums are separate.
> - Infra has an additional 4 systems that use separate credentials.
>
>Some applications support 2FA (such as wiki.)
>Some applications do not support 2FA.
>Applications that require 2FA have a configuration for each app, so you
>have N configurations.
>
>If we configured id.gentoo.org you would have 1 identity across all
>gentoo properties.
>
>Is this a thing people are interested in?
>
>[0] It's unlikely operations for git via ssh would change in this
>rollout. [1] Its unclear if the scope is "gentoo developers" or "any
>community member." The former have LDAP accounts and @gentoo.org email
>addresses and so we can manage them easily; managing 1000s of other
>accounts in the IDP remains to be seem.

In case 2FA won't be mandatory I find this a good idea.

Kind regards
-- 
Lars Wendler
Gentoo package maintainer
GPG: 21CC CF02 4586 0A07 ED93  9F68 498F E765 960E 9B39


pgpL2XtvxjHG4.pgp
Description: Digitale Signatur von OpenPGP


Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Joonas Niilola

On 5/19/20 4:42 AM, Alec Warner wrote:
> TL;DR: What if we launched id.gentoo.org , an
> identity provider that provides authentication for Gentoo properties?
> Basically, 1 username / password for wiki, bugs, email, forums, and
> any other http service[0][1].
>
>
> Is this a thing people are interested in?
>  
>
Sounds good to me.

-- juippis



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Azamat Hackimov
вт, 19 мая 2020 г. в 09:47, Michał Górny :
>
> On Mon, 2020-05-18 at 18:42 -0700, Alec Warner wrote:
> > TL;DR: What if we launched id.gentoo.org, an identity provider that
> > provides authentication for Gentoo properties? Basically, 1 username /
> > password for wiki, bugs, email, forums, and any other http service[0][1].
> >
> > Today Gentoo has numerous systems that mostly work in a segmented way.
> >
> >  - To connect to hosts, we use ssh keys.
> >  - Git is authenticated via ssh keys.
> >  - Email uses LDAP passwords.
> >  - Bugzilla has its own identities, with their own passwords.
> >  - Wiki is separate, with its own passwords.
> >  - Forums are separate.
> >  - Infra has an additional 4 systems that use separate credentials.
> >
> > Some applications support 2FA (such as wiki.)
> > Some applications do not support 2FA.
> > Applications that require 2FA have a configuration for each app, so you
> > have N configurations.
> >
> > If we configured id.gentoo.org you would have 1 identity across all gentoo
> > properties.
> >
> > Is this a thing people are interested in?
> >
>
> What a coincidence I've just archived our old identity.gentoo.org [1]
> project.  And yes, we almost had this back in 2013 but Infra failed to
> deploy, and it was claimed obsolete by the time I joined Infra.
>
> Do you have any specific solution in mind?
>
> [1] https://gitweb.gentoo.org/archive/proj/identity.gentoo.org.git/
>
>
> --
> Best regards,
> Michał Górny
>

Hi there.

Maybe better to try something already stable, like KeyCloak [1]? Seem
all that you need (OpenID, LDAP, SAML2, external Identity Providers
via OpenID) is already implemented.

[1] https://www.keycloak.org/

-- 
>From Siberia with Love!



Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Michał Górny
On Mon, 2020-05-18 at 18:42 -0700, Alec Warner wrote:
> TL;DR: What if we launched id.gentoo.org, an identity provider that
> provides authentication for Gentoo properties? Basically, 1 username /
> password for wiki, bugs, email, forums, and any other http service[0][1].
> 
> Today Gentoo has numerous systems that mostly work in a segmented way.
> 
>  - To connect to hosts, we use ssh keys.
>  - Git is authenticated via ssh keys.
>  - Email uses LDAP passwords.
>  - Bugzilla has its own identities, with their own passwords.
>  - Wiki is separate, with its own passwords.
>  - Forums are separate.
>  - Infra has an additional 4 systems that use separate credentials.
> 
> Some applications support 2FA (such as wiki.)
> Some applications do not support 2FA.
> Applications that require 2FA have a configuration for each app, so you
> have N configurations.
> 
> If we configured id.gentoo.org you would have 1 identity across all gentoo
> properties.
> 
> Is this a thing people are interested in?
> 

What a coincidence I've just archived our old identity.gentoo.org [1]
project.  And yes, we almost had this back in 2013 but Infra failed to
deploy, and it was claimed obsolete by the time I joined Infra.

Do you have any specific solution in mind?

[1] https://gitweb.gentoo.org/archive/proj/identity.gentoo.org.git/


-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part


Re: [gentoo-dev] RFC: Gentoo Identity Provider

2020-05-19 Thread Fabian Groffen
On 18-05-2020 18:42:24 -0700, Alec Warner wrote:
> TL;DR: What if we launched id.gentoo.org[1], an identity provider that 
> provides
> authentication for Gentoo properties? Basically, 1 username / password for 
> wiki,
> bugs, email, forums, and any other http service[0][1].

I'd be in favour of SSO for all http-, imap- and smtp-based Gentoo services.

Thanks,
Fabian

> 
> Today Gentoo has numerous systems that mostly work in a segmented way.
> 
>  - To connect to hosts, we use ssh keys.
>  - Git is authenticated via ssh keys.
>  - Email uses LDAP passwords.
>  - Bugzilla has its own identities, with their own passwords.
>  - Wiki is separate, with its own passwords.
>  - Forums are separate.
>  - Infra has an additional 4 systems that use separate credentials.
> 
> Some applications support 2FA (such as wiki.)
> Some applications do not support 2FA.
> Applications that require 2FA have a configuration for each app, so you have N
> configurations.
> 
> If we configured id.gentoo.org[2] you would have 1 identity across all gentoo
> properties.
> 
> Is this a thing people are interested in?
>  
> [0] It's unlikely operations for git via ssh would change in this rollout.
> [1] Its unclear if the scope is "gentoo developers" or "any community member."
> The former have LDAP accounts and @gentoo.org[3] email addresses and so we can
> manage them easily; managing 1000s of other accounts in the IDP remains to be
> seem.
> 
> 
> References
>1. http://id.gentoo.org
>2. http://id.gentoo.org
>3. http://gentoo.org

-- 
Fabian Groffen
Gentoo on a different level


signature.asc
Description: PGP signature