| 20 Jun 2025 |
 hexa (signing key rotation when) | you are very likely wrong ๐ | 20:25:33 |
| hexa (signing key rotation when) | https://github.com/dexidp/dex#connectors | 20:25:40 |
 emily | OIDC is based on top of OAuth | 20:25:47 |
 infinisil | I see! | 20:26:12 |
| emily | (but I don't know if the OIDC identity layer on top is relevant to any of the considerations here) | 20:26:25 |
| emily | (it looks kind of like they're just using OAuth as an imprecise term for OIDC actually) | 20:27:21 |
| hexa (signing key rotation when) | the question is just if the plugin can map groups | 20:27:24 |
| hexa (signing key rotation when) |
Keep in mind that this is the general OAuth authentication plugin and it will not allow to adjust users access based on userโs GitHub organization.
| 20:28:22 |
| infinisil | I don't think it makes sense to insist on OIDC now when we haven't done that for the mailing list in the past. The moderation team email is working in freescout, I just need to onboard everybody who got mails forwarded to their personal email before | 20:28:24 |
| hexa (signing key rotation when) | ah, that is what freescout says themselves | 20:28:27 |
| hexa (signing key rotation when) | but that is more likely a limitation they have | 20:28:34 |
| hexa (signing key rotation when) | I absolutely dislike passing emails around in principle, but here we go | 20:29:28 |
| hexa (signing key rotation when) | * I absolutely dislike passing email addresses around in principle, but here we go | 20:29:45 |
| infinisil | Thanks! | 20:30:33 |
| infinisil | What I'd like to see in the future is everybody having a <githubUser>@member.nixos.org email address, with some criteria for getting one of those | 20:31:00 |
| hexa (signing key rotation when) | we should really roll our own IDM before we go for such a thing | 20:32:12 |
 @emma:rory.gay | so, i change my github username, what now? | 20:33:32 |
| infinisil | I guess we would want to alias then | 20:34:03 |
| infinisil | <githubId>@member.nixos.org is more stable but less usable :P | 20:34:31 |
| @emma:rory.gay | and even then, in the end i'd just end up never reading those emails most likely lol | 20:35:17 |
| @emma:rory.gay | if it forwards to my regular email, sure | 20:35:39 |
| emily | email provider isn't a fun game to be in, you end up in the critical path of people's accounts etc. | 20:36:41 |
| emily | and people expect addresses to live forever | 20:36:48 |
| hexa (signing key rotation when) | though this one only needs to last as long as the project is alive ๐ | 20:37:17 |
| emily | and deliverability issues on both ends, etc. (applies even for project accounts too but at least the support burden is limited there) | 20:37:28 |
| hexa (signing key rotation when) | tbh, I'd prefer actual login accounts to the forwarding situation we are now in | 20:37:52 |
| hexa (signing key rotation when) | (or that we are now slowly moving away from towards freescout) | 20:38:19 |
| infinisil | Can recommend so far | 20:41:12 |
| 21 Jun 2025 |
|  Martin Joerg joined the room. | 06:51:09 |
 K900 | @vcunat I'm pretty sure t4b is dead: https://hydra.nixos.org/build/301012833 | 12:41:33 |
