On Nov 20, 2006, at 10:07 PM, Jesse Keating wrote:
On Monday 20 November 2006 18:43, Elliot Lee wrote:
Thinking about it some more (now that I realized it's in the context
of hosting projects) - you're going to want to have a separate
account system group for each hosted project.
Why would that be? At least with trac, all fedora users are
treated the same
as anonymous, but you could get your name attached to a bug (and
thus emails)
and wiki changes. Account privilege escalation can be done within
the Trac
instance itself, through the webadmin tool. Why would we need a
different
account system?
(To recap, I suggested a different account system _group_, not an
entirely different account system.)
Why wouldn't the Fedora account system work and just allow
any user that has CLA signed to create a project or login to
participate with
a name to an existing project?
I think that works within the context of Fedora as a whole, but
moving into hosted territory means you have to adopt more of a
sourceforge mentality, where your job is to give as much control as
possible to the project owner, and let them make decisions such as
who can participate. In order to let each project owner make access
decisions independantly, you would need a separate account.
It sounds like trac has some 'webadmin' thing for controlling
people's access - I think it's a bad idea to go with that. Properly
tying trac into the Fedora account system means making it so that
full control of both authentication & authorization is done through
the FAS. In the long run, it'll be a lot nicer to be able to go to
one place to control people's access levels for everything. (Not to
say that FAS v1 is the right way to do it, just suggesting a good
goal for the future :)
Best,
-- Elliot
