Hi all,

When I started writing the authenticate package, I was the sole author of it, and I understood (to some degree) every protocol I added support for. If there was a bug report, feature request, or anything else, I had a fair idea of either how to solve it or if making the requested change would break something else.

Fortunately, many people have contributed to the authenticate (and yesod-auth) packages, and the above paragraph is no longer true. I don't know what's going on with OAuth or Kerberos besides a most basic understanding, and I'm not in a position to maintain those myself. Additionally, some people are discussing adding more backends. While I want to make it clear that I appreciate the contributions, this situation has a few downsides:

* When some kind of request or bug report comes to me, I have to route it to the right person, which just adds an extra step to the process.
* Same thing when people ask me for assistance.
* In theory, when upgrading, I could break code without even knowing it. (I don't think that's actually happened, though.)
* The packages are both becoming rather large.

On the flip side, it's very nice to have all the authentication modules centralized as they currently are.

So the question is: how should future development continue? I see three choices:

1. Continue as-is. New modules can be added to these two packages, and I'll just route inquiries to the appropriate person. One minor change I'll insist on here is that authors specify in the module docs who the maintainer is, and I'll add them as contributors on GitHub.
2. No new modules will be accepted into these packages; they'll need to go into their own packages.
3. Even existing modules for which I'm not really the maintainer will be split off into their own packages.

For options (2) and (3), we can update the docs for authenticate and yesod-auth to point to external packages that provide additional auth backends.

Michael