| 20 Jun 2025 |
 infinisil | hexa (signing key rotation when): Can you PM me the email list of the moderation team members? This is for https://github.com/NixOS/infra/pull/748 | 20:21:10 |
 hexa (signing key rotation when) | for what purpose? | 20:21:34 |
| infinisil | I need to give them a freescout account, which needs an email | 20:21:58 |
| hexa (signing key rotation when) | ^ | 20:22:06 |
| hexa (signing key rotation when) | for that exact reason | 20:22:10 |
| hexa (signing key rotation when) | this should not have gone into production without proper login infrastructure | 20:22:22 |
| infinisil | That doesn't work either way | 20:22:28 |
| hexa (signing key rotation when) | why not? | 20:22:38 |
| infinisil | hexa (signing key rotation when): I added it in https://github.com/NixOS/infra/issues/700#issue-3098140041 | 20:23:15 |
| hexa (signing key rotation when) | https://github.com/NixOS/infra/blob/main/build/pluto/prometheus/alertmanager.nix#L79-L84 | 20:23:28 |
| hexa (signing key rotation when) | we can absolute tie oidc in with github teams | 20:23:36 |
| hexa (signing key rotation when) | we are already doing that for infra | 20:23:44 |
| infinisil | Freescout supports OIDC? | 20:24:07 |
| hexa (signing key rotation when) | https://freescout.net/module/oauth-login/ | 20:24:22 |
| infinisil | I see no mention of OIDC | 20:24:36 |
| infinisil | I don't really know OIDC though, so tell me if I'm wrong ๐
| 20:25:17 |
| hexa (signing key rotation when) | you are very likely wrong ๐ | 20:25:33 |
| hexa (signing key rotation when) | https://github.com/dexidp/dex#connectors | 20:25:40 |
 emily | OIDC is based on top of OAuth | 20:25:47 |
| infinisil | I see! | 20:26:12 |
| emily | (but I don't know if the OIDC identity layer on top is relevant to any of the considerations here) | 20:26:25 |
| emily | (it looks kind of like they're just using OAuth as an imprecise term for OIDC actually) | 20:27:21 |
| hexa (signing key rotation when) | the question is just if the plugin can map groups | 20:27:24 |
| hexa (signing key rotation when) |
Keep in mind that this is the general OAuth authentication plugin and it will not allow to adjust users access based on userโs GitHub organization.
| 20:28:22 |
| infinisil | I don't think it makes sense to insist on OIDC now when we haven't done that for the mailing list in the past. The moderation team email is working in freescout, I just need to onboard everybody who got mails forwarded to their personal email before | 20:28:24 |
| hexa (signing key rotation when) | ah, that is what freescout says themselves | 20:28:27 |
| hexa (signing key rotation when) | but that is more likely a limitation they have | 20:28:34 |
| hexa (signing key rotation when) | I absolutely dislike passing emails around in principle, but here we go | 20:29:28 |
| hexa (signing key rotation when) | * I absolutely dislike passing email addresses around in principle, but here we go | 20:29:45 |
| infinisil | Thanks! | 20:30:33 |
