[LLVMdev] Announcement: Phabricator for code reviews

Owen Anderson resistor at mac.com
Thu Oct 18 15:03:26 PDT 2012


Manuel,

On Oct 18, 2012, at 2:45 PM, Manuel Klimek <klimek at google.com> wrote:

> I hear you, but I'd be interested in why OAuth is a problem for you - as I said, if we have good arguments, the phab guys are really quick to come up with changes. I'm not deeply familiar with authentication schemes.

I know you've already resolved the issue for me with a manually created account, but to reiterate my reasons from that earlier conversation:

For me, the concerns are much more about privacy than about security.  I'm not really bothered by the idea of my Phabricator account being compromised, and I will use one-off credentials to ensure that a compromise of it will not impact other accounts that I care about more.

What does bother me is the loss of privacy implied by sharing a login system between Phabricator and any of the various OAuth providers.  I'm not interested in having my identity shared across systems, particularly when some of those systems are built for and funded by correlating as much of that identity information as possible and using it for advertising.  From this perspective, using a Github OAuth is the *least bad* alternative, but it's still not a direction that I  want to encourage.

--Owen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20121018/72286f9e/attachment.html>


More information about the llvm-dev mailing list