[13:45:18] <mvantellingen> cool, should solve the 500 errors I get during a release then :-)
[16:26:43] <puiterwijk> hi, maybe someone could tell me what I've done wrong. I uploaded flask-oidc 1.0.1 to pypi a few weeks ago, but when searching for flask-oidc on pypi, I'm only seeing version 0.1.2, even though that one is set to be hidden
[16:27:07] <dstufft> puiterwijk: search is kinda borken atm :(
[16:27:42] <puiterwijk> dstufft: I see. Unfortunately, the download url also seems to be broken
[16:27:50] <puiterwijk> https://pypi.python.org/packages/source/f/flask-oidc/flask-oidc-1.0.1.tar.gz gives a NoSuchKey error
[16:48:47] <puiterwijk> dstufft: any idea about those?
[17:06:45] <dstufft> that should _probably_ live outside of Warehouse, and exist as something like id.python.org and have Warehouse just be a consumer of it, the big questions there are really what thing should we deploy as id.python.org (I briefly looked at Ipsilon, but shelved it for the time being because I was having a hard time finding docs that told me how to deploy it and use it in a way that wasn't using pam and LDAP and stuff like that) and figuring out
[17:06:45] <dstufft> how we migrate the identity silos we have to using that
[17:07:42] <puiterwijk> dstufft: right. With "adding Ipsilon support to warehouse" I did indeed mean allowing it to login against Ipsilon
[17:07:59] <puiterwijk> and as for adding other backends, that depends on what kind of backend you have in mind.
[17:08:14] <dstufft> I just want something that'll use a PostgreSQL db
[17:08:40] <puiterwijk> You know what, that's a pretty good idea. And would be quite easy to do probably
[17:09:01] <dstufft> (MySQL would be "ok" too, but I prefer PostgreSQL)
[17:09:10] <puiterwijk> I would use sqlalchemy, so support either
[17:11:01] <dstufft> that was probably part of my confusion too :]
[17:11:28] <puiterwijk> Two of the backends that Ipsilon supports are FreeIPA, and the Fedora Account System (FAS), which is no longer limited to Fedora :)
[17:12:22] <dstufft> Originally I was going to write my own thing that just bundled all of that together, but then someone pointed out Ipsilon so I started to poke at it
[17:13:23] <puiterwijk> Right. So Ipsilon is basically an application you can deploy that will authenticate against pretty much any user backend you have when you write a small plugin for it
[17:14:11] <dstufft> "Ipsilon + FAS" might be the right answer here :) I think what Fedora does is pretty close to the model I like-- I'm not really a fan of federated auth, but using the federated auth technology to implement SSO is cool
[17:14:53] <puiterwijk> Cool. Well, that's a very carefully tested combination, and me and various other people can help you with it :)
[17:15:20] <puiterwijk> But the other problem you mentioned, combining all the identity silos, is going to be pretty tricky nonetheless unfortunately
[17:15:51] <dstufft> yea :( It'll probably involve some sort of "convert to id.python.org account" button on each silo
[17:17:31] <puiterwijk> Do you have an overview of which silos you have?
[17:20:05] <dstufft> PyPI, www.python.org, the Wiki, um, bugs.p.o, every mailing list getting its own password, voting software,
[17:20:12] <dstufft> I think those are the big ones
[17:20:38] <dstufft> (and we don't need like, working code for each one, just a generalized plan for how each of those should handle it)
[17:21:05] <puiterwijk> PyPI would be warehouse, correct?
[17:21:57] <dstufft> (voting software could probably be ignored too)
[17:22:16] <dstufft> I don't think we actually have identities in that right now for most people
[17:22:24] <puiterwijk> so, for mailman, you could consider moving to the mailman3 suite. That has OpenID auth embedded and will take care of the migration
[17:23:04] <puiterwijk> (basically, it will add the email address from the identity provider as trusted by default if you want, and people can add any other email address to their account)
[17:23:40] <puiterwijk> Anyway, that's just an idea
[17:25:23] <dstufft> puiterwijk: If you're interested in helping get id.python.org stood up, a quick sketch of what we would need to deploy and what VM sizes and stuff sent to infrastructure@python.org would let folks weigh in. I suspect if it works most people won't care though :) We manage stuff in salt so we'd need to set it up in there to get deployed (and ideally it won't require special stuff like setting up pam or whatever). If you're not then it'll probably
[17:25:23] <dstufft> wait until I carve out some time or someone else picks it up :]
[17:26:03] <puiterwijk> dstufft: I'd be glad to help out with it, absolutely.
[17:26:09] <puiterwijk> Do I need to subscribe to that list?
[17:26:44] <dstufft> umm, I don't think you need to subscribe to post to it, but you're welcome to subscribe. It's really low traffic
[17:26:58] <puiterwijk> As soon as I can find your mailman system, I will do that
[17:29:34] <dstufft> gotta go drop some stuff off at my daughter's school, bbl
[20:37:49] <puiterwijk> dstufft: I saw you (or someone else) approved my request to join. I'll look into id.p.o et al as soon as I get some time from dealing with spammers at fp.o...