Umbrella project for Haskell.org related tickets and feature requests.
Feb 5 2020
Feb 4 2020
See also PHI1628, which reports that a 4MB blob of test details is slow to render.
Oct 28 2019
Agreed that supporting YubiKey OTP is pointless - it's impractical and basically a dead legacy feature at this point. WebAuthn has emerged as the de facto standard for hardware tokens.
Apr 15 2019
Apr 14 2019
Mar 25 2019
Feb 7 2019
Dec 28 2018
Dec 23 2018
The original request focused on OTP, not U2F, but I think the amount of configuration required by OTP and the lack (?) of a pathway on mobile make it a better candidate for third-party integration than first-party integration. If we were supporting OTP in the upstream I'd want to run a first-party verification service so we aren't dependent on YubiKey's service, but the whole thing seems very messy and very bound to the YubiKey stack. It also looks (?) like YubiKey OTP and YubiKey U2F aren't linked to the same key (I think?) so you can't use U2F on one device and then fall back to OTP on mobile, even if you want to type in 44 characters? You have to enroll OTP and U2F separately.
This browser doesn’t support the FIDO U2F standard yet.
Dec 12 2018
Nov 9 2018
I would like to add another use case where this would be beneficial.
Sep 11 2018
I wrote a patch for this, for both the new log prototype and the old log viewer. Here are some screenshots of the view. If it looks OK, I will submit it.
Apr 5 2018
Mar 14 2018
See followup in T13105.
Feb 21 2018
Aug 25 2017
I'm going to call this effectively resolved:
Aug 24 2017
Aug 6 2017
Aug 4 2017
I'd love to see support for U2F keys, as well.
Jul 10 2017
Jun 2 2017
I'd like to remark that this ticket is supposed to be about perhaps U2F or other direct hardware security, not SAML, and thus I've had to unsubscribe from the recent back and forth :)
Jun 1 2017
In practice, every paying customer who has ever asked us about SAML has wanted to use OneLogin as a SAML provider. OneLogin's breach does not imply SAML is bad; it implies OneLogin is bad. For paying customers who are interested in understanding our stance on SAML support, criticism of OneLogin is materially relevant because they all want to use OneLogin.
@epriestley I'm not saying you didn't do a serious technical evaluation of SAML. I can't see where I might have even vaguely implied that? For all I know you could be an expert on SAML. I've done multiple SAML implementations and frankly I can't blame you for not wanting to do / maintain one.
Why do you believe I haven't performed a serious technical evaluation of SAML?
@epriestley I can see how that last sentence could be perceived as such. I probably should have put a smiley there since it wasn't intended as harsh as you (seem to) perceive it.
Why did you think that a sarcastic, condescending comment was the best way to convince me to reserve judgement?
@epriestley I'm hoping you'll see you shouldn't pass judgement that fast.
@siepkes, what are you hoping to get out of making that comment? How do you believe it benefits you?
@epriestley OneLogin does way more than just SAML. They also do OAuth for example. The screenshot also says to regenerate your OAuth keys. I assume you're going to remove all OAuth stuff from Phabricator now?
More on SAML:
May 17 2017
Oh hai Cura uses Phabricator? I have a Lulzbot at home!
Apr 15 2017
Recent security issues in GitHub, GitLab, etc., with markdown:
Apr 6 2017
Apr 5 2017
Just dropping this here since it's the first hit for "SAML" and makes it easier for me to contextualize things when I quote $50K for it, which I'm starting to think is too low:
Mar 28 2017
Mar 22 2017
I'm going to probably re-design this page a little.
Mar 21 2017
I think we could even default it to "fancy mode" without a setting, at least to start with. I'm not sure anyone will want to access the plain text mode with enough frequency that we need it to be sticky.
@epriestley this doesn't seem hard to build for a fledgling designer/intern engineer.