Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecating the project #186

Closed
RangelReale opened this issue Sep 4, 2018 · 20 comments

Comments

@RangelReale
Copy link
Contributor

commented Sep 4, 2018

Hello,

As everyone can see, this project is not updated for a long time.
Because of a lack of time, I am not finding time to review all issues/pull requests, and it is very important to review all carefully because bugs on this kind of library can have serious consequences.

Also OAuth best practices and extensions appear all the time, so this kind of library requires constant attention, which I cannot commit at this time.

So I am thinking of deprecating this project, mark it as readonly, and recommend other libraries on the README to warn people still coming here.

Looks like the better maintaned library is "ory/fosite", which as I remember started as a fork of OSIN (I think). Can someone recommend other libraries that I can link to?

@MarAvFe

This comment has been minimized.

Copy link

commented Sep 4, 2018

Amazingly, I was just today studying this project to implement it. But thanks for the heads up! I'll check yours and other's recommendations.

@yookoala

This comment has been minimized.

Copy link
Contributor

commented Sep 5, 2018

Thanks for the work @RangelReale. Sorry that the project is deprecated, but it had its time.

@enj

This comment has been minimized.

Copy link
Member

commented Sep 6, 2018

@RangelReale would you consider transferring ownership of it @openshift? We (Red Hat) use it extensively in openshift/origin. While we are unlikely to implement any features, we will handle security issues since they would impact our OAuth server.

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 6, 2018

@enj definitely, I think this would be the best solution for this. How can we do this?

@enj

This comment has been minimized.

Copy link
Member

commented Sep 6, 2018

@RangelReale I have reached out to the people who have done similar transfers before. I will update you once I know more.

@enj

This comment has been minimized.

Copy link
Member

commented Sep 7, 2018

@RangelReale here is my proposed plan, let me know if you agree (also what about RangelReale/osincli?):

  1. Transfer ownership of this repo to @dobbymoodge
  2. @dobbymoodge has the ability to transfer repos to @openshift, and will do so once you give him ownership
  3. Once this repo becomes openshift/osin, @RangelReale will fork it to RangelReale/osin
  4. @RangelReale will disable issues and PRs on the "new" RangelReale/osin and update the GitHub description to point to openshift/osin

The above should make it so that anyone using RangelReale/osin will not break, they will simply be frozen in time.

All issues and PRs will be left intact and will live at openshift/osin

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 9, 2018

Fine with me, let's do this on monday, if someone has any objection, please say here before that.

@enj

This comment has been minimized.

Copy link
Member

commented Sep 12, 2018

@RangelReale good to go?

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 15, 2018

Sorry for the delay, I was in a place with bad internet, now it is ok. I will do the transfer now, of both osin and osincli.

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 15, 2018

Done, please contact dobbymoodge to accept the transfer.

@dobbymoodge

This comment has been minimized.

Copy link

commented Sep 17, 2018

@RangelReale The repository transfers expired. Can you please re-transfer the repo?

I had a busy weekend :(

enj referenced this issue in enj/origin Sep 18, 2018
RangelReale has given ownership of the osin repositories to Red Hat.

See RangelReale/osin#186

Signed-off-by: Monis Khan <mkhan@redhat.com>
@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 18, 2018

Done.

@enj

This comment has been minimized.

Copy link
Member

commented Sep 18, 2018

@RangelReale I believe the transfers are complete - I think now you just need to fork them back and freeze.

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 18, 2018

Done. Can I make a notice in my README before freezing?

@enj

This comment has been minimized.

Copy link
Member

commented Sep 18, 2018

@RangelReale just changing the description would be safer. Otherwise you will have a commit in your fork that does not exist in the openshift/osin code.

@stephenafamo

This comment has been minimized.

Copy link

commented Sep 18, 2018

Going forward, who do we tag to review issues and merge pull requests?

Because I'm about to use this package on a project, and I'll like to know who would be looking at stuff.
I'm happy to contribute, of course, just want to know that someone would be interested in reviewing.

Also, is there any plans to review all the open pull requests and issues?

@enj

This comment has been minimized.

Copy link
Member

commented Sep 18, 2018

Going forward, who do we tag to review issues and merge pull requests?

The relevant people already watch the repo.

Because I'm about to use this package on a project

Please don't. There are far better and more robust options out there such as ory/fosite, dex, etc.

I'm happy to contribute, of course, just want to know that someone would be interested in reviewing.

That effort is better spent on a more active project.

Also, is there any plans to review all the open pull requests and issues?

Unless it is a security issue, I will likely close them.


As I noted above, we are not likely to implement any features. The repo is effectively in maintenance mode. The core of this repo is on the order of 650 LOC and likely does not suffice for most use cases. Also, please use OIDC as that adds a lot of the missing pieces to OAuth 2. I cannot think of any good reason for someone starting a new project to use this repo.

@stephenafamo

This comment has been minimized.

Copy link

commented Sep 19, 2018

Okay. Thank you.

@RangelReale

This comment has been minimized.

Copy link
Contributor Author

commented Sep 19, 2018

Well, the process is done, so I am closing the issue.

@enj

This comment has been minimized.

Copy link
Member

commented Sep 19, 2018

@RangelReale thanks for your work over the years 👍 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.