www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Wittenauer ...@effectivemachines.com.INVALID>
Subject Re: Non committer collaborators on GitHub
Date Fri, 14 Dec 2018 17:45:01 GMT

> On Dec 14, 2018, at 9:21 AM, Joan Touzet <wohali@apache.org> wrote:
> 
> Allen Wittenauer wrote:
>> I think part of the basic problem here is that Github’s view of permissions is
really awful.  It is super super dumb that accounts have to have admin-level privileges for
repos to use the API to do some basic things that can otherwise be gleaned by just scraping
the user-facing website.  If anyone from Github is here, I’d love to have a chat. ;)
> 
> FYI I've previously been told we can't use addons to GitHub to improve
> the issue management workflow (like https://waffle.io/) precisely
> because GitHub's permissions model is so poor, allowing an external
> tool to move tickets around requires giving it effectively commit
> access, which is forbidden to third parties.

	Putting my thinking cap on, I wonder if the workaround here is to have a proxy for the REST
API that forwards the ’safe’ calls but disallows others. Maybe one already exists? I totally
get the security and potentially legal ramifications of having accounts that can push.  But
it sure seems like this problem is solvable with a bit of elbow grease.
Mime
View raw message