make --skip-newsletter the default

[sandrom]

At least to me it is quite weird to have a cli ask for a newsletter. Is this really the way to treat users to do that by default, especially if --id and --secret are used (which is incredibly helpful for tests, setting up testusers etc)

[aeneasr]

I understand that this is a bit weird, but let me explain:

1. We have a vague idea of what versions people use, and the prevalent ones are outdated ones. Typically, devs integrate Hydra once and never upgrade - either because they don't have time or because they don't know.
2. We don't have a way of contacting operators of deployments because we have no idea who is using the software or not.
3. This technology is at the forefront of your security infrastructure. You really should be aware of any security patches and also release announcements.
4. Typically, operators use environment variables (as opposed to hydra connect) to configure the environment because of the nature of how hydra connect works (it persists credentials to a file, this is typically not very secure).

Because, for some reason, people don't subscribe to the release announcements although we hint at them on the website and in the README, we decided to make it really obvious that this is important, hence adding it to hydra connect which is typically executed on clients (e.g. operators).

Making this flag work the opposite way would be in stark contrast what we want to achieve with raising awareness for the release announcements.

I'm open to better ideas here, but for the time being, I think it will stay as it is.

[sandrom]

hm i understand the reasoning on why you want people to subscribe, but its also kind of weird at the same time. a notice, thats annoyingly posted in blink red/green for a couple seconds to users might still be an option, but that might also alienate people, unless you add some flying unicorns! so ok, i get it :)

[aeneasr]

Cool, so I think that - apparently - we can do a better job at explaining why this is important. What would have helped for you to understand that when seeing it in the CLI? Adding some explanation?

[sandrom]

yes actually having a note on why this newsletter is so important for everyone and why you care so much (meaning you don't wanna sell anything but simply tell them about security updates) would probably make a lot of difference

[aeneasr]

That makes sense, what do you think about:

You are using the CLI for the first time. It is really important to keep your installation up to date. Because this technology is open source, we have no way of knowing who you are and how to contact you. Subscribe to our release and security announcements, and never miss important patches again:
[Enter Email Address]:

[sandrom]

great!

[aeneasr]

Cool, I'll add that to the CLI in the next release - thank you for your feedback!