|
|
Subscribe / Log in / New account

Resurrecting DWF

Resurrecting DWF

Posted Apr 8, 2021 15:47 UTC (Thu) by ballombe (subscriber, #9523)
In reply to: Resurrecting DWF by kurtseifried
Parent article: Resurrecting DWF

> most everyone in OpenSource has a GitHub ID

This is the problematic part. Allowing Microsoft to act as a gatekeeper to participation to
FOSS, and the assumption that this is OK with almost everyone.

to post comments

Resurrecting DWF

Posted Apr 8, 2021 16:43 UTC (Thu) by smurf (subscriber, #17840) [Link] (5 responses)

It's a gate which you can open yourself in two minutes. If that's DWF's only problem, kudos to them.

Also, if you don't like that restriction, fine: add an auth hook towards Gitlab and submit a modest pull request.

Still not satisfied? hook up a registration form with TOTP-or-whatever for two-factor auth, and send a somewhat larger pull request. It's not rocket science.

However, if you do it yourself you have to track data protection laws more stringently because you're storing more personal data, you need more security precautions as you now store user passwords (yes they should be salted+hashed but that's no excuse for failing to prevent a leak), etc. You want to take those costs on? be the project's guest, I'd assume.

Resurrecting DWF

Posted Apr 8, 2021 18:07 UTC (Thu) by kurtseifried (guest, #57307) [Link]

Funny story: back in the day (late 2018) the DWF used an email confirmation and stored it publicly in GitHub (the email stated this would happen). Someone did a data removal request, I pushed for "business requirements mean I have to store this" but MITRE pushed back and got GitHub involved so the choice was to remove it, or start dealing with lawyers and possible removal from GitHub. So yeah, there are some really good reasons we're avoiding PII where possible and letting people control it themselves, etc.

Resurrecting DWF

Posted Apr 9, 2021 16:22 UTC (Fri) by ballombe (subscriber, #9523) [Link] (1 responses)

> It's a gate which you can open yourself in two minutes.

Only if you are in a position to agree with github TOS, and it takes more than two minutes to read it anyway.
It is also a gate Microsoft can close.

Resurrecting DWF

Posted Apr 9, 2021 16:58 UTC (Fri) by kurtseifried (guest, #57307) [Link]

It's great that you see it as a possible problem, but do you want to help to find and build a solution? If so please engage with the issue I filed on our end. Thanks

Resurrecting DWF

Posted Apr 11, 2021 16:22 UTC (Sun) by gray_-_wolf (subscriber, #131074) [Link] (1 responses)

So, in order to be able to use something except github (because I do not agree to ToS for example, or I was banned already), I need to write the integration myself (fine) and then sign up with github and make a pull request. That sounds awesome.

Resurrecting DWF

Posted Apr 11, 2021 16:44 UTC (Sun) by smurf (subscriber, #17840) [Link]

If you do are not willing to consider that there are other ways to tell somebody that you have written a patch (both with and without git) than submitting a github PR, I'm afraid I cannot help you.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds