Community
Participate
Working Groups
We currently use the email address to "link" Eclipse Foundation accounts to GitHub. Since that requires exposing GitHub email addresses to the public (see: bug 425224 comment 1) I think we should maintain a list of one single external ID per external service per committer (ie, one committer account could have an external id for BitBucket and one for GitHub). Our automatic ACL sync would then use the ID.
If I remember correctly, Wayne would prefer to store these maps in PMI. Presumably our sync scripts will need to fetch this info via web API.
Actually, the PMI is forge-specific which means that we would potentially have to copy these values into each instance and maintain (currently) three copies. The Foundation Database seems like a better place for this sort of user-specific information.
> The Foundation Database seems like a better place for this sort of > user-specific information. The UI is created and is functional for capturing external IDs in the Foundation DB. Matt: FYI, when provisioning a GitHub project, we'll need to manually add external IDs to committer accounts. Eventually this will be automated from the provisioning process.
Hmmm. What about contributors? Do we need to store their GitHub ID's too? Do we want to allow a GitHub contributor to Sign-off-by using only their GitHub user ID?
I'd say, yes, this should work for contributors too (not just committers).
I might have to scrap plans for storing this in our internal committer database, and perhaps store it in LDAP instead :/
<can of worms>What happens to our provenance tracking when our git logs are filled with this: Author: billybob Author: clusterhead ... and both of these have since changed their GitHub User id's ? Furthermore, if we allow private/hidden email addresses on GitHub, wouldn't it be reasonable to expect privacy on eclipse.org itself? I'm not sure why both would be treated differently. </can of worms> Frankly, this is 2014, and I thought that when it came to email addresses in repos, folks in the OSS world were "over it".
AIUI, GitHub user ids can't be changed. You can create a new user but you can't edit your current username. But email addresses can be changed, and I think it's far more likely users will change that, than create a whole new user and start again with that. This just lends more weight to the argument that email addresses are poor unique identifiers for GitHub users.
Created attachment 238893 [details] Github account creation/deletion Here's the UI to change your GH ID, or even delete your account. At Eclipse we keep track email changes on our accounts.
While the github username can be changed, the id that comes back with all API calls is fixed at the time of account creation. The downside to using it is the requirement to keep it somewhere on the EF side. If a user provides their github username, it's simple to look up this value and it won't ever change. (In reply to Denis Roy from comment #9) > Created attachment 238893 [details] > Github account creation/deletion > > Here's the UI to change your GH ID, or even delete your account. > > At Eclipse we keep track email changes on our accounts.
(In reply to Zak James from comment #10) > While the github username can be changed, the id that comes back with all > API calls is fixed at the time of account creation. Thanks, Zak. I think our best best is to store external IDs in LDAP since we use a common LDAP database across all our forges. The best solution would be to create our own schema for this (I' haven't found any), but I've never done it, and the last thing I want is to break our LDAP servers trying to resolve this. There is one field in the inetOrg schema called "employeeType" which is free text, and can be used several times for the same user. I tried adding two values to my account: # ldapsearch -x -LLL "(uid=droy)" employeeType dn: uid=droy,ou=people,dc=eclipse,dc=org employeeType: GITHUB:eclipsewebmaster employeeType: BITBUCKET:somebit Querying a specific FORGE:id combo is easy too: build:~ # ldapsearch -x -LLL "employeeType=GITHUB:eclipsewebmaster" uid dn: uid=droy,ou=people,dc=eclipse,dc=org uid: droy I think I'll just go ahead use that, even if the field name isn't right.
> If a user provides their github username, it's simple to > look up this value and it won't ever change. We'll gather GitHub ID's at the NPPR phase and we'll also offer it as an editable field as part of the account information, since both of those places already write into LDAP. Once a value is captured, we won't allow it to be changed unless webmaster is involved.
Created attachment 238981 [details] Screenshot Here's a screenshot of the My Account page. Gerrit change to come.
Created attachment 238982 [details] Screenshot of GH ID already set Here's what the My Account page will show if a Gitbug ID is already set. Right now I don't validate that the ID is correct at Github.
Gerrit change: https://git.eclipse.org/r/#/c/20626/
The rest of the processing happens in LDAPConnection() which is not maintained in Git.
(In reply to Denis Roy from comment #15) > Gerrit change: > https://git.eclipse.org/r/#/c/20626/ I've abandoned that one and created a new one. I found a small glitch with index.php https://git.eclipse.org/r/#/c/21044/
https://git.eclipse.org/c/websites/dev.eclipse.org.git/commit/?id=10e9ad7530e98c99270b4f6d13230afce834dde7
