llvm dev - Oct 2012 - [LLVMdev] Announcement: Phabricator for code reviews

On 18 Oct 2012, at 23:03, Owen Anderson wrote:
> For me, the concerns are much more about privacy than about security. 
I'm not really bothered by the idea of my Phabricator account being
compromised, and I will use one-off credentials to ensure that a compromise of
it will not impact other accounts that I care about more.
> 
> What does bother me is the loss of privacy implied by sharing a login
system between Phabricator and any of the various OAuth providers.  I'm not
interested in having my identity shared across systems, particularly when some
of those systems are built for and funded by correlating as much of that
identity information as possible and using it for advertising.  From this
perspective, using a Github OAuth is the *least bad* alternative, but it's
still not a direction that I  want to encourage.
Completely in agreement.  Requiring a third-party login is a good reason for not
using a service.

David

On Sat, Oct 20, 2012 at 1:51 AM, David Chisnall
<David.Chisnall at cl.cam.ac.uk> wrote:
> On 18 Oct 2012, at 23:03, Owen Anderson wrote:
>
>> For me, the concerns are much more about privacy than about security. 
I'm not really bothered by the idea of my Phabricator account being
compromised, and I will use one-off credentials to ensure that a compromise of
it will not impact other accounts that I care about more.
>>
>> What does bother me is the loss of privacy implied by sharing a login
system between Phabricator and any of the various OAuth providers.  I'm not
interested in having my identity shared across systems, particularly when some
of those systems are built for and funded by correlating as much of that
identity information as possible and using it for advertising.  From this
perspective, using a Github OAuth is the *least bad* alternative, but it's
still not a direction that I  want to encourage.
>
> Completely in agreement.  Requiring a third-party login is a good reason
for not using a service.
As Manuel has pointed out, there is no requirement. The process is
awkward (emailing him) but works.

I don't think the account creation or login mechanism (something that
is ancillary at best to a code review system) should be the primary
feature or constraint considered. Instead, with a workable (if
awkward) solution in hand, let's perhaps focus on whether the tool is
useful in actually doing code reviews.

On 20 October 2012 09:56, Chandler Carruth <chandlerc at google.com>
wrote:
> I don't think the account creation or login mechanism (something that
> is ancillary at best to a code review system) should be the primary
> feature or constraint considered. Instead, with a workable (if
> awkward) solution in hand, let's perhaps focus on whether the tool is
> useful in actually doing code reviews.
I'm with Chandler here. It's not like they're going to start sharing
your details with spammers, is it? (is it?)

If the tool works and we're all happy, we can then setup a better
infrastructure around it (and move out of Chandler's server, etc).

-- 
cheers,
--renato

http://systemcall.org/

On Oct 20, 2012, at 1:56 AM, Chandler Carruth <chandlerc at google.com>
wrote:
> As Manuel has pointed out, there is no requirement. The process is
> awkward (emailing him) but works.
Having a high barrier to entry (i.e., requiring manual intervention) is
generally a poor way to get people to try something out.

--Owen
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20121020/18909a24/attachment.html>