Join GitHub today
Change drone token name to let users know to use oauth2 #6912
@@ Coverage Diff @@ ## master #6912 +/- ## ========================================== - Coverage 41.42% 41.42% -0.01% ========================================== Files 440 440 Lines 59738 59744 +6 ========================================== - Hits 24749 24747 -2 - Misses 31752 31760 +8 Partials 3237 3237
referenced this pull request
May 11, 2019
What users should be doing is using OAuth2, however some don't. So this will resolve the broken connection when they try to use basic auth with drone, however it'll let them know they should be using OAuth2.
Basic auth connection with drone is already not working due with users that use 2FA, and so if users want to be secure they should be using OAuth2. And as we've seen from recent attacks against SCM providers, 2FA is essentially mandatory if you want to keep your code safe.
I see this PR as temporary, and once 1.9.0 is final we can put in blog post that users should switch to OAuth2 for Drone, and then we can remove it for 1.10.0