www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Demers <brian.dem...@gmail.com>
Subject Re: Non committer collaborators on GitHub
Date Fri, 21 Dec 2018 23:33:54 GMT
+100 Please!


On Fri, Dec 21, 2018 at 4:34 PM Philippe Mouawad <philippe.mouawad@gmail.com>
wrote:

> Hello,
>
> +1 for this requirement.
>
> It should be at minimum possible for a committer to:
>
>    - Close PRs that are not merged
>    - Add tags
>    - See traffic on project
>    - Manage community profile
>    - Edit release notes
>    - Possibly administer issues
>
>
> Thanks
>
> On Sat, Dec 15, 2018 at 2:14 PM Zoran Regvart <zoran@regvart.com> wrote:
>
> > I've filed an issue with INFRA, to get their view on this:
> >
> > https://issues.apache.org/jira/browse/INFRA-17449
> >
> > zoran
> > On Fri, Dec 14, 2018 at 7:41 PM Zoran Regvart <zoran@regvart.com> wrote:
> > >
> > > Hi all,
> > > On Fri, Dec 14, 2018 at 6:45 PM Allen Wittenauer
> > > <aw@effectivemachines.com.invalid> wrote:
> > > > > On Dec 14, 2018, at 9:21 AM, Joan Touzet <wohali@apache.org>
> wrote:
> > > > >
> > > > > Allen Wittenauer wrote:
> > > > >> I think part of the basic problem here is that Github’s view
of
> > permissions is really awful.  It is super super dumb that accounts have
> to
> > have admin-level privileges for repos to use the API to do some basic
> > things that can otherwise be gleaned by just scraping the user-facing
> > website.  If anyone from Github is here, I’d love to have a chat. ;)
> > > > >
> > > >         Putting my thinking cap on, I wonder if the workaround here
> is
> > to have a proxy for the REST API that forwards the ’safe’ calls but
> > disallows others. Maybe one already exists? I totally get the security
> and
> > potentially legal ramifications of having accounts that can push.  But it
> > sure seems like this problem is solvable with a bit of elbow grease.
> > >
> > > Why can't we have a global username/password for `asfgit` with
> > > personal access token that can be used? It seems to be used for GitHub
> > > Pull request builder, so I'm guessing that there is already a blessed
> > > personal access token in place there with acceptable GitHub OAuth
> > > scopes.
> > >
> > > zoran
> > > --
> > > Zoran Regvart
> >
> >
> >
> > --
> > Zoran Regvart
> >
>
>
> --
> Cordialement.
> Philippe Mouawad.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message