[OpenAFS-devel] RT, Gerrit, Release Management changes

Jeffrey Altman jaltman@your-file-system.com
Mon, 08 Oct 2012 01:29:18 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA0B96089E3C8F0E3FA522312
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 10/8/2012 1:09 AM, Troy Benjegerdes wrote:
> Before I bother with an RFC that nobody other than me cares about, I'd
> like to see gerrit.openafs.org *use* the following RFCs, so that I can =

> trivially log in when authenticated to my own local cell:
>=20
>=20
> http://tools.ietf.org/html/rfc4120
> http://tools.ietf.org/html/rfc4178
> http://tools.ietf.org/html/rfc4559

Gerrit supports OpenID.  It does not to the best of my knowledge support
GSS-API authentication.  If you would like to add GSS-API authentication
to Gerrit, please discuss it on the Gerrit mailing lists, not on this one=
=2E

> If given a database dump of the RT database backing rt.central.org, I c=
an
> attempt to set up a test version that will allow any realm with manuall=
y
> configured cross-realm trust to log in.=20

While I appreciate that your intentions are well meaning, central.org is
a trusted provider of services to openafs.org.  While OpenAFS may make
requests of the central.org administrators, their time is hard to come
by and the Gatekeepers would rather they spend their efforts on
developing the processes necessary to permit broader access to members
of the community.  Customizing RT to permit SPNEGO authentication is far
down on the list.

If you want to have a cross-realm key exchange with the
GRAND.CENTRAL.ORG realm, you should talk with the administrators.
Repeated e-mails to this mailing list is not going to help you.

My final comment is that OpenAFS uses central.org because the
individuals that run it are trusted to protect the privacy of the data
stored within RT.  In particular, the contents of non-public queues.

Jeffrey Altman







--------------enigA0B96089E3C8F0E3FA522312
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJQcmS0AAoJENxm1CNJffh4KVEH/3cJyyGFNQrv4o8SzaRobOt8
Q5DlhM2uNGU8j2hx+mS3hlvKatVvhYMX+d4AXpde5uhvdOAv/w49iE6dP6f/+Oke
8D0qNgfckWvogpNhXnEN67P+jqMzPy6fvythXhOz1zoT7RRMabe76gSb6+J9S5bz
Vx+yheqLucF8yKx+FB90ehut51nxuMJiqK9dHf23rgtMz1I75hTtvrNkFEx9jeoS
6u8DG2Y76yS+Hx3FcWiuRZiXb9e1Z56IZLfUCklnPEmDUQRdOrQvA9VQIfzdAe7/
rT+VBQQL9JBPBQH8ZsF3Rfir2ZTCO9cVr19gBm4D1hdCWL7Vg7r2TT+TM8MFsW4=
=DQJF
-----END PGP SIGNATURE-----

--------------enigA0B96089E3C8F0E3FA522312--