[Python-Dev] Python wiki

"Martin v. Löwis" martin at v.loewis.de
Sun Sep 26 09:12:30 CEST 2010 

>   1) Registering via OpenID is a bit clumsy since there is a "Register"
> link that does not mention OpenID.

Thanks. Fixed.

>   2) The URL registered with the OpenID provider is a bit of a wart:
> "http://pypi.python.org/pypi?:action=openid_return" vs.
> "http://bitbucket.org/"

You mean, as this is what the provider then shows you for confirmation?

Unfortunately, this can't be changed anymore, or many of the existing
accounts break. When I started this, I was more unclear about the
relationship of "realm" and "return URL" (I'm still unclear, not
having used a realm yet).

>   3) The email I received asked me to "Complete your Cheese Shop
> registration" which I think is just an oversight since the relabeling to
> pypi.

Ok, fixed.

>   4) It's a bit clumsy that "Login" pops up an HTTP Authentication
> prompt, which is useless to someone who only has never set a password
> and relies only on an OpenID credential. Furthermore, the 401 page does
> not provide a quick way to get to use OpenID.

I think there is no way out wrt. to the basic auth prompt. I could
label the "Login" link "Password login" if you think this would help.
Preventing the browser from prompting the user on the chance they
might want to enter an OpenID is not possible, and stopping to use
basic authentication is not feasible.

> In general, I am pretty happy with pypi's support of OpenID considering
> it allowed me to use my own provider, which often has not been the case
> with other sites.

I guess you are then not in the class of users Guido was referring to,
but rather in the "ultra geeks" class. What regular user is actively
searching for an "OpenID provider"?

If you were using your facebook account (or some such) to log in
(i.e. a service that "the masses" likely use and which happens to
be an OpenID provider), I'd rather add another provider icon to
the front page.

> Although, I think it would be nice if I didn't have to go to another
> page to do that, but I may be biased by having such a short OpenID URI.

This is actually deliberate. I don't want to clutter the front page
with a wide entry field. And again, enjoying a short OpenID URI
probably does put you in the "ultra geek" category (which I
seriously don't mean as an offense).

I've learned that OpenID really is a mystery even to the fairly
technical usership of PyPI. As an anecdote, a user was puzzled that,
after registering the Google OpenID, all you need to do to login
is to click on the google logo, and that no user interaction
at all was required. This counters established expectations about
security so much to actually confuse long-term internet users.

Regards,
Martin

More information about the Python-Dev mailing list