Comments (5)
@JoelSpeed Ping.
from oauth2-proxy.
Hey @lubo,
I'm not sure how I feel about these kinds of tags and have been trying to work out what I'd like to do about this going forward.
This style of tag can be great for large and firmly rooted software projects that have lots of maintainers and thorough release processes and very strict semver coherence. For a small project like this, where we have just taken over the ownership and are not entirely sure what the state of the project is, I don't know if we have enough investment from people to be this strict at present.
I know there are some breaking changes that have been raised in issues already and I'm sure there will be more as the project gains more momentum again. For now I am tempted to create minor tags that move but with the proviso that we aren't strictly sticking to semver and are unlikely to be backporting fixes, we simply don't have capacity for this much work.
On a different note, I personally wouldn't want to use a tag like this for a security themed project, for something like the OAuth2 Proxy that, when broken, would block access to many other services, this is the kind of thing where I would want to vet each release in a staging environment before promoting to production! Does that make sense?
@syscll Do you have anything to add?
from oauth2-proxy.
Hi, @JoelSpeed. Yes, it makes perfect sense. If the project doesn't strictly follow semantic versioning, then it's not very useful. But if it did, using minor tags in production shouldn't be a problem if the project publisher is trusted and the app is tested thoroughly, and it'd allow the operators to have more self-maintained infrastructure. Other tags, i.e. major and latest
, are pretty much just a development convenience.
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Closing as this is quite stale. Feel free to reopen if you have any other thoughts.
from oauth2-proxy.
Related Issues (20)
- [Bug]: CVE-2023-45288 github.com/go-jose/go-jose/v3 HOT 2
- [upstream with basic auth]: upstream may require basic auth
- [Feature]: Include sequence diagram in the documentation
- [Feature]: Don't require email for OIDC
- [Support]: unable to verify bearer token, failed to verify token: oidc: id token issued by a different provider HOT 1
- [Feature]: User.Read scope required for Azure Provider?
- [Support]: Problem with OAuth2 and Keycloak-oidc on Kibana in a Minikube Cluster
- [Bug]: OIDC provider don't redeem access token after authorization request HOT 1
- [Support]: Syntax for specifying lists in env variables HOT 2
- [Support]: Logging of authenticated user together with complete URL in a single log line
- [Support]: CSS not loading when using oauth2-proxy as external authorizer with Istio
- Integration with WSO2 Identity Server provider
- [Support]: EKS nginx ingress with multiple servers getting No valid authentication in request
- [Feature]: expose more information back to reverse proxy via set_xauthrequest / set-xauthrequest - i.e. Orgs for Github
- 能支持下钉钉不 HOT 1
- [Bug]: --skip-auth-route fails to match URL after first slash
- [Support]: Integrate with OPA for course grained access control
- Support to configure oauth-proxy to allow all the get request without any authorization HOT 3
- [Feature]: Add debug "build container" ?
- [Feature]: can you please add "latest-7.x" and upcoming "latest-8.x" docker tag to your images
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.