[01:46:49]
<Yunohost Git/Infra notifications> Autoupdater just ran, here are the results:
- 59 pending update PRs
- 10 new apps PRs
- 5 failed apps updates: dokuwiki, elasticsearch8, focalboard, tvheadend, vikunja
See the full log here: http://paste.yunohost.org/raw/wadanozepe
[04:40:12]
<Émy - OniriCorpe> https://mastodon.social/@glyph/112114506390508586
[18:18:58]
<Yunohost Git/Infra notifications> [webhooks] @Psycojoker pushed 1 commit to master: feat: handle pull_request assigned action ([5318ee44](https://github.com/YunoHost/webhooks/commit/5318ee44343898b41d30eaa903a1a2798306d9cd))
[18:20:26]
<Bram> in case you are wondering: those kinds of warnings are actually pretty easy to fix
[18:20:27]
<Bram> https://aria.im/_matrix/media/v1/download/matrix.org/ljKBCWJKzXJDolqPMZbCHSKx
[18:20:34]
<Bram> see https://github.com/YunoHost/webhooks/commit/5318ee44343898b41d30eaa903a1a2798306d9cd
[21:18:38]
<orhtej2> If I think some insides of SSO working are questionable should I ask here or report via security issues reporting channel? Perhaps it's working as intended and i'm just paranoid
[21:24:47]
<orhtej2> > If I think some insides of SSO working are questionable should I ask here or report via security issues reporting channel? Perhaps it's working as intended and i'm just paranoid
¯\_(ツ)_/¯ ah it's a well known behaviour
[21:24:55]
<Bram> which behavior?
[21:28:01]
<orhtej2> > <@Bram_:matrix.org> which behavior?
the one where Authorization header contains plaintext password
[21:28:28]
<Bram> > the one where Authorization header contains plaintext password
ah yes that's one old behavior for the applications, it's only between SSO and the apps
[21:28:57]
<Bram> it's not great but most applications aren't ready for SSO v_v
[21:32:17]
<Émy - OniriCorpe> > the one where Authorization header contains plaintext password
standard practices \\:D/
[21:32:39]
<orhtej2> > <@oniricorpe:im.emelyne.eu> standard practices \\:D/
#YoloHost
[21:34:45]
<Émy - OniriCorpe> it's not plaintext if it's base64 encrypted 😌 /s
[21:35:30]
<Bram> I'm pretty sure there are a lot of ways to do this thing better but heh, the workforce is very limited
[21:36:11]
<Bram> and the work is ridiculously gigantic (on yunohost in general)
[21:39:03]
<orhtej2> we should move towards promoting Dex or LDAP?
[21:39:06]
<orhtej2> (right after packaging v2 is done)
[21:39:08]
<orhtej2> (and YNH 12)
[21:39:13]
<orhtej2> (and packaging v3)
[21:39:16]
<Émy - OniriCorpe> i think the user expectations are much more ridiculously gigantic than the actual work needed on yunohost itself
[21:40:15]
<orhtej2> nevertheless I agree, I was able to snoop said headers when I injected 'malicious' service to debug wtf Piped is complaining about
[21:40:17]
<Émy - OniriCorpe> > we should move towards promoting Dex or LDAP?
neeeh, i'm not fan of an app like Dex for yunohost
it's fine to work around, but not very much
[21:40:19]
<orhtej2> so as a malicious admin I can....
[21:40:44]
<Bram> as a malicious admin you can pretty much fuck everything up
[21:40:50]
<orhtej2> ^ that's the joke
[21:41:00]
<Bram> ah, it was a joke '^'
[21:41:22]
<Émy - OniriCorpe> > <@oniricorpe:im.emelyne.eu> neeeh, i'm not fan of an app like Dex for yunohost
> it's fine to work around, but not very much
i mean, i'm not to promote something like Dex as yunohost
but if people are using Dex on their own, it's fine
[21:41:38]
<orhtej2> > <@oniricorpe:im.emelyne.eu> neeeh, i'm not fan of an app like Dex for yunohost
> it's fine to work around, but not very much
WDYM? It's a nice OAuth2/SSOWat bridge? Unless I don't understand?
[21:44:06]
<Émy - OniriCorpe> > WDYM? It's a nice OAuth2/SSOWat bridge? Unless I don't understand?
because:
- my previous message
- it's an app to compile, it's independent of yunohost and if it fails, it'll be our fault
- promoting it will mean that we'll have to transition to our own implementation the day we do, i prefer to say nothing and let people tinkering
[21:45:55]
<Émy - OniriCorpe> i would be MUCH more in favor to:
- implement OIDC in ynh in the looooong term
- use https://yaal.coop/blog/en/canaille-nlnet-pytest-iam
[21:46:28]
<Émy - OniriCorpe> so yeah, i see dex as a great workaround tool, not more
[21:50:25]
<orhtej2> oh they're no longer selling XKCD 'Opinions!' stickers :/
[21:50:37]
<Émy - OniriCorpe> > <@oniricorpe:im.emelyne.eu> i would be MUCH more in favor to:
> - implement OIDC in ynh in the looooong term
> - use https://yaal.coop/blog/en/canaille-nlnet-pytest-iam
- "acknowledge that some apps aren't compatible with yunohost (for technical or ethical reasons) and forcing them to fit the mold isn't a good idea" aka "if the app doesn't support LDAP but OIDC, too bad" cf https://github.com/YunoHost/issues/issues/2357
[23:01:51]
<Aleks (he/him/il/lui)> > the one where Authorization header contains plaintext password
there's some improvement on that in bookworm, though i was hoping to make "not sending the password" the default, but turns out several apps do need it