[web-devel] Split up authenticate and yesod-auth?

Michael Snoyman michael at snoyman.com
Thu Jan 19 06:53:10 CET 2012 

Hi all,

When I started writing the authenticate package, I was the sole author of
it, and I understood (to some degree) every protocol I added support for.
If there was a bug report, feature request, or anything else, I had a fair
idea of either how to solve it or if making the requested change would
break something else.

Fortunately, many people have contributed to the authenticate (and
yesod-auth) packages, and the above paragraph is no longer true. I don't
know what's going on with OAuth or Kerberos besides a most basic
understanding, and I'm not in a position to maintain those myself.
Additionally, some people are discussing adding more backends. While I want
to make it clear that I appreciate the contributions, this situation has a
few downsides:

* When some kind of request or bug report comes to me, I have to route it
to the right person, which just adds an extra step to the process.
* Same thing when people ask me for assistance.
* In theory, when upgrading, I could break code without even knowing it. (I
don't think that's actually happened though).
* The packages are both becoming rather large.

On the flip side, it's very nice to have all the authentication modules
centralized as they currently are.

So the question is: how should future development continue? I see three
choices:

1. Continue as-is. New modules can be added to these two packages, and I'll
just route inquiries to the appropriate person. One minor change I'll
insist on here is that authors specify in the module docs who the
maintainer is, and I'll add them as contributors on Github.
2. No new modules will be accepted into these packages, they'll need to go
into their own packages.
3. Even existing modules for which I'm not really the maintainer will be
split off into their own packages.

For options (2) and (3), we can update the docs for authenticate and
yesod-auth to point to external packages that provide additional auth
backends.

Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/web-devel/attachments/20120119/98f53d8b/attachment.htm>

More information about the web-devel mailing list