Invent/gitlab, issues and bugzilla

[Ben Cooksley]

On Fri, Jul 5, 2019 at 8:17 AM Elv1313 . <elv1313 at gmail.com> wrote:
>
> Ok, lots of email in the last few hours, lets recap a bit.
>
> 1. "Top" projects don't like GitLab issues because they are too
> simple. Can we try to make a comprehensive list of issues on a pad
> somewhere? Sa far, I see:
> 1.1 It doesn't allow custom combo boxes like BZ/RedMine which then
> forces manual abuse of labels. This probably runs a bit deep and
> affect the search.
> 1.2 It doesn't allow fine grained issues tree where dependencies and
> relationship can be tracked "well enough".
> 1.3 It doesn't allow a "walled garden" to separate technical
> discussions from support.
> 1.4 Someone should chat with GitLab about this to see what they think
> about adding some EE features into CE.
> 1.5 There is BZ 6, 7 and 8 in various level of development or planning
> which seem good
>
> 2. For point 1.3, maybe this is where the solution is. @Boud, you
> mention that Krita "ask" failed. Can you provide more insight here on
> why? Is there anything to learn so we can try better? How about
> redirecting users directly to a ticket system for top-10 projects?
> Ticket systems are overkill (and problematic) for 95% of the KDE
> projects, but seem a step forward for larger projects. Or maybe send
> people to "a forum" first? For my largest non-KDE project (AwesomeWM),
> when we switched to GitHub (from FlySpray), we updated the contact
> page of the website to point to StackOverflow.com, SuperUser.com and
> Reddit above the GitHub Issue link. This worked fine for a relatively
> medium-large user base (of geeks).
>
> 3. The login (identity.kde.org) issue. Maybe I am not on enough
> mailing lists, but what is the situation regarding generic OAuth2
> login for a subset of non-developer services? Is it only an
> integration issue or a political one? Being able to login with
> Google/Facebook/GitHub/Yahoo/Microsoft/GitLab/Gnome(?!) accounts with
> a path to upgrade to "proper" account seems to currently be the
> popular and future proof way to handle this. This is better from a
> security standpoint because all of them support 2 factor
> authentication in a way *normal people* can understand (aka, a
> notification on Android phones). Of course it doesn't help with GPG
> and SSH public key wallets and other dev related concerns. That's not
> relevant for most users.

The current plan Sysadmin has is to replace Identity with a new
platform, and then funnel all third party OAuth2 support through this
central system.

We're preferring to do it this way both to ensure we adequately track
where personally identifying information is located (for the purposes
of minimizing the cost of servicing requests under the GDPR) as well
as to minimize the number of places we have to setup those third party
sites. This also has the added benefit of ensuring the third party
(OAuth2) login support is equal across our entire family of websites.

Finding time to action said plan of course is easier said than done.

>
> 4. For point 1.5, this isn't really solving anything. Sure, a better
> BZ with all the powerful features would be nice. It would not solve
> the PR<->Issues integration problems at all, which still leaves half
> of the people here unsatisfied. It would not be welcoming to projects
> looking to move into the incubator because they are used to a more
> integrated pipeline. It would also leave the whole problem of slowly
> making the services more bot friendly, which is the future.
> 4.1 This would leave the sequestration of BKO and IKO into 2
> ecosystems. This makes bots more complex and makes porting good open
> source bots such as mergify.io even harder since it would be more
> painful than just a GitHub<->GitLab API compat (or if they ever
> support GitLab). Bots are a solution to many of the problem outlined
> here, such as when is a pull request acceptable to merge or some magic
> rebase/squash/fixup bots.

Cheers,
Ben

>
> On Thu, 4 Jul 2019 at 15:39, Boudewijn Rempt <boud at valdyas.org> wrote:
> >
> > On donderdag 4 juli 2019 21:32:59 CEST Ben Cooksley wrote:
> >
> > > With regards to Identity, I'm well aware it has its issues - it was
> > > originally designed as a system for developers and other contributors (so
> > > not users) and is now many years old.
> > >
> > > It's trying to do a job it was never designed to do, in a world that is
> > > quite different from the one it was originally created for. We do have
> > > plans to replace it, but getting time to seriously look into those is quite
> > > difficult.
> >
> > It's mostly outside KDE's own infrastructure that we get those complaints -- people on IRC, Twiter, Reddit and so on complaining they just cannot figure out how the heck they can make it possible for themselves to login on the forum.
> >
> > --
> > https://www.valdyas.org | https://www.krita.org
> >
> >