Nugetgallery: Idea: Enhance User Profile with "External Sites" ala Chocolatey

Created on 8 Jan 2015 · 29 Comments · Source: NuGet/NuGetGallery

The NuGet Gallery should support something like the External Site Section as you can see on Chocolatey:
https://chocolatey.org/profiles/mwrock

This would help to know who is behind the profile.

Gallery UI Feature

All 29 comments

Thanks for posting - sounds like a great idea. We will look at this for a future version of the Gallery

On this, do we want to include:

  1. Github.
  2. Codeplex.
  3. StackOverflow account.
  4. StackOverflow careers account.
  5. LinkedIn.
  6. Twitter.
  7. Personal Blog. Just one blog or more than one blog?
  8. Personal website.

I would like to work on this.

I just did a small test (UI and view models) for added external sites:
[image]

Awesome - I guess this needs a database change, right?

I would think so.

So far I just created a view model to start with. Next I will:

  1. Add the other sites (LinkedIn and so on).
  2. Create a new class that will have const string like "/github.com/ + username".
  3. Maybe a helper class to check if the username exists on the other sites.
  4. Look into what is needed for the database changes.

Adding @csharpfritz

Here is my branch for this issue: https://github.com/hbrock/NuGetGallery/tree/issue-2346

Should I include the external sites data inside of User or link User to an external sites?

@maartenba, @robertmuehsig , @ChrisSfanos

I had some time to look more into this issue / add-on. Here are my plans:

  1. Create an ExternalSites class in NuGetGallery.Core.
  2. Update User to have a one-to-one relationship with ExternalSites.
  3. Create an ExternalSiteViewMode inside of the AccountViewModel.cs. (Already done)
  4. Create an ExternalSitesServices class in NuGetGallery.Services.
  5. Create an ExternalSites helper classes in NuGetGallery.Helpers. This will have the const string for the external site URIs.
  6. Update the Accounts view to include a place for adding external site data. (Already done)
  7. Update the Profile view to display external sites data if they exist.

Looks like a good plan. Which external site types would you be including?

@maartenba

I was thinking:

  1. Github.
  2. Codeplex.
  3. StackOverflow account.
  4. StackOverflow careers account / Other Resume (Maybe)
  5. LinkedIn.
  6. Twitter.
  7. Personal Blog. Just one blog or more than one blog?
  8. Personal website.

@yishaigalatzer @csharpfritz Can you check if we still want this feature? Want to avoid @hbrock doing work we no longer need.

@maartenba @yishaigalatzer @csharpfritz

Do we still want this feature? Or should I look at other issues?

@maartenba Could you give a short introduction how to submit changes that require database changes?
Or in other words:
Would an EF Migration be enough? I guess from an operations standpoint db migrations are not as easy to roll out as pure code fixes, right?

They would indeed need a migration + PR against dev branch. There's nothing we can't deploy :-)

Do you guys still want this? I have been waiting for months for an okay.

@harikm86 ?

Do you have screenshots of how this looks on the profile page, or is this still in flight? I can't access the branch either.

@harikm86 https://cloud.githubusercontent.com/assets/1028907/9739640/bda66634-561e-11e5-8fed-c719c89a4753.png that's from last year. I deleted the branch months ago but can create it.

Thanks. Sorry, what I meant to ask is how do other users see the profile page of a user who has added external sites to their account?

We could do something like the Chocolatey guys - at least that was "the inspiration" for this issue ;) [image]

Robert can you email me at yigalatz@microsoft?

I uploaded images last year for something like that.

On Tuesday, May 10, 2016, Yishai Galatzer wrote:

> Robert can you email me at yigalatz@microsoft?

I do love the idea and the proposed design on the NuGet account page works for me. I will let @yishaigalatzer and @maartenba work with you on how we get this in.

For the list of external sites, I would recommend we go with the below list (sorted alphabetically of course). Let's start with a small list and add more if folks need it. I'd rather not clutter it with a large set most users may not even use.

  1. Github
  2. StackOverflow account
  3. LinkedIn
  4. Twitter
  5. Personal Website

I could get started on this around Friday. @yishaigalatzer @maartenba

/cc @skofman1 - any particular reason the Up For Grabs was removed here? This one seems pretty do-able with proper code review and early agreement on the list of sites and UI.

Spoke to @skofman1 offline. All of the URLs have a tricky angle because they can aid in a malicious user's ability to impersonate a trustworthy member of the community. For this reason, we should authenticate with that 3rd party before allowing them to show the URL on their profile page. GitHub, Twitter, StackOverflow, and LinkedIn all seem to support OAuth so we could potentially trigger an OAuth flow to "verify" that a profile can show a certain 3rd party URL.

Personal website is a bit trickier. We could theoretically go down the path other websites use for verification: DNS TXT record, arbitrary CNAME, static file at some location on the website, snippet in HTML <head>, etc.

In short, this needs more design to mitigate impersonation.
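
The personal-website check mentioned in the comment above (DNS TXT record or a snippet in the HTML `<head>`), sketched as an added example that is not part of the thread or of NuGetGallery's code. `SERVER_KEY`, `META_NAME` and all function names are hypothetical, and the TXT records and page HTML are assumed to have been fetched already and are passed in as plain values.

```python
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key"     # assumption: gallery-side secret, never shown to users
META_NAME = "gallery-site-verification"  # hypothetical name for the meta tag and TXT prefix

def normalize_host(url):
    """Lower-case host of an https URL, or None if the URL is not acceptable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname or parts.username:
        return None
    return parts.hostname.rstrip(".").lower()

def challenge_token(account, host):
    """Token bound to one account and one host, so it proves nothing for another profile."""
    msg = f"{account.lower()}\n{host}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

class _HeadMeta(HTMLParser):
    """Collects the verification <meta> values found in the first <head>, before <body>."""
    def __init__(self):
        super().__init__()
        self.state, self.values = "before", []
    def handle_starttag(self, tag, attrs):
        if tag == "head" and self.state == "before":
            self.state = "head"
        elif tag == "body":
            self.state = "after"  # body markup may be visitor-supplied (comments, posts)
        elif tag == "meta" and self.state == "head" and dict(attrs).get("name") == META_NAME:
            self.values.append(dict(attrs).get("content") or "")
    def handle_endtag(self, tag):
        if tag == "head":
            self.state = "after"

def is_verified(account, url, txt_records=(), html=""):
    """True if the already-fetched TXT records or page <head> carry this account's token."""
    host = normalize_host(url)
    if host is None:
        return False
    expected = challenge_token(account, host).encode()
    page = _HeadMeta()
    page.feed(html)
    txt = [r.split("=", 1)[1] for r in txt_records if r.startswith(META_NAME + "=")]
    return any(hmac.compare_digest(expected, c.encode()) for c in txt + page.values)
```

Because the token is derived from both the account name and the host, a value copied from someone else's verified site does not verify a different profile.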

Related: https://haacked.com/archive/2019/05/10/friend-signing-packgages/

Would this "solve" the problem and is keybase.io "trustworthy" enough?

I think the suggestion of integrating with keybase.io is definitely the right direction. I would imagine something along the lines of: a user can provide his keybase.io information and prove ownership, and nuget.org will add a keybase.io link on his user profile or even show info on the profile page.

I see two options with this idea:

  • Allow NuGet.org to verify external identities as keybase.io
  • Include NuGet.org as a new identity provider to be included in keybase.io user profile

None of these options will help with package signing. But having the ability to link public keys to user identities will enable users to trust certificates not issued by a public CA.
