Comments (17)
I am sorry, that's how I interpreted the discussion honestly. That fork is technically already up to date (I will obviously double check), I agree with that approach being the most logical. I think preserving history like that is ideal.
I don't know if there is any special method for deprecating a library to make the transition semi-automatic. I don't believe there is but I don't know for certain, I'll see what I can find out, but I now understand the context under which you were asking more clearly now! Apologies again.
from webauthn.
Hey, I realized it's been almost three weeks. Authenticate kept me busy and I'm finally in a position to ask around internally about migrating this project to another organization. Let me chase this down and get back to you.
from webauthn.
You can mark the module as deprecated in the go.mod
file. This will make go get
print a deprecation warning.
from webauthn.
I personally see the value in relocating the project especially since Duo doesn't officially use it for anything anymore.
I see that https://github.com/go-webauthn/webauthn says its a fork of this library; is there something in the golang ecosystem that'd require a "hand-off" of this repo? Or could you simply fork and migrate things over to that, while this repo gets marked Archived with a pointer over to the maintained fork?
Just throwing ideas out there. I'd be curious to hear what @nicksteele thinks about a potential migration.
from webauthn.
I originally made the fork prior to you coming on board noticing a significant backlog and significant issues which were I could not justify publishing to production in another project, while attempting to continue making PR's for the important things here.
Generally in the go ecosystem the way you describe is fine. Go actually has a cool syntax in go.mod for performing a replacement which should allow users to just do a replacement I believe (though I can check) until such a time as there is a breaking change. Regardless we'd aim to maintain a migration guide.
As far as deciding what to do, if it's a consideration a standing invitation would be extended to be added as a maintainer to people like Nick and yourself, regardless of any interim decision.
from webauthn.
I would say that makes sense. Moving outside of the duo-labs org (which I'm no longer a part of 😢 ) would make contribution easier for me. We should be able to move over to this project fairly seamlessly.
from webauthn.
@james-d-elliott help me understand why transferring is more desirable than, say, syncing your fork with the latest changes, us archiving this copy, and then pointing people your way at the top of the README. This is all open-source after all?
And if we did transfer, how would that impact projects pointed at this repo? Would GitHub set up redirects? Would it break those projects on next build?
from webauthn.
I am sorry, that's how I interpreted the discussion honestly. That fork is technically already up to date (I will obviously double check), I agree with that approach being the most logical. I think preserving history like that is ideal.
Okay cool, this seems way easier for me to pull off than to escalate internally. Then over time the read-only Duo-Labs copy would communicate in H1 text at the top of the README that users of this library should update to the maintained fork over at https://github.com/go-webauthn/webauthn, at which point you become the authoritative Golang WebAuthn library 🔥
from webauthn.
Yeah I agree. You could theoretically move ahead with adjusting documentation if you wanted, then while we investigate if there is some special method we can put the breaks on archiving it.
I have a feeling the best way to communicate it will be to deprecate the main functions themselves (with instructions) but I'd rather be sure there is no more practical method first.
from webauthn.
Thanks @oschwald I'll make a PR with this soon.
from webauthn.
Just letting you know @MasterKale that the PR is up. There's no rush on my end, I understand you may need to get some feedback from someone else or may have reservations.. and you're probably pretty busy!
from webauthn.
Hello all,
I see that the library is still the Go reference in webauthn site. @aseigler, what is the lib actually backing the demo site? Is it still a Go library?
Thank you
from webauthn.
Hello all, I see that the library is still the Go reference in webauthn site. @aseigler, what is the lib actually backing the demo site? Is it still a Go library? Thank you
The site is no longer backed by the Go library, it is backed by a python library from my understanding. The site is open source, you can check it out here https://github.com/duo-labs/webauthn.io.
from webauthn.
https://webauthn.io indeed now uses Duo Labs' py_webauthn instead, here: https://github.com/duo-labs/py_webauthn
from webauthn.
Might be interesting to also change the main reference in the site to point to the new go lib instead of to this one here, right?
from webauthn.
Yeah, I've no problem with that once we agree internally on the path forward for retiring the Golang library and pointing everyone to the community fork.
from webauthn.
Alright, it's official - this project is now deprecated. Good luck over in https://github.com/go-webauthn/webauthn ✌️
from webauthn.
Related Issues (20)
- Implement MDS v3? HOT 1
- Test data shouldn't have execute bit set
- appid extension: u2f registered keys compat HOT 10
- Project maintained? HOT 4
- Challenge: urlsafe vs standard base64
- Webauthn Spec: Level 2 HOT 5
- "Critical" severity shows up from Dependency Scan HOT 7
- Extraneous if err block in master
- RPOrigin is validated exactly against the url's fully qualified host name leaving no room for other use cases. HOT 5
- Possible nil pointer dereference problem
- Error with error conversion
- README needs to be updated HOT 2
- Inquiry regarding the use of test data. HOT 2
- Bazel build fails after webauthn went to Go 1.18 HOT 1
- Invalid certificate HOT 2
- webauthn/metadata/metadata_test broken HOT 5
- Not update Authenticator.SignCount when cloned authenticator is detected HOT 3
- Verify "alg" parameter HOT 2
- AAGUID is always zero'd out during registration and authentication HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webauthn.