Requests too excessive authorization #2
That's a totally fair concern - at the moment, submitGit uses the I think the one thing it won't be able to do is close the PR (which it I'm on holiday at the moment, without a laptop, so will start work on On 23/05/2015, Junio C Hamano notifications@github.com wrote:
@rtyley I love this tool! Thanks for working on it! Would there be advantages/disadvantages to creating a submitgit/git repo that is forked from git/git and owned by a The repo would be owned by a I don't know...it was just a thought.
The `public_repo` requirement is dropped, with users now only required to give the `user:email` scope so we can get their email address.

https://developer.github.com/v3/oauth/#scopes

Note that existing users will get a slightly alarming-looking notification from GitHub to tell them that the required permissions have been reduced:

!['Removed permissions' is highlighted in red](https://cloud.githubusercontent.com/assets/52038/7860692/2ae50980-0543-11e5-9f6d-01d001ef0fab.png)

The PR comment generated when a user sends mail to the list is now made by the @submitgit account.

Conditional response caching with OkHttp is now also enabled so that there's less risk of running out of GitHub API quota - given that now we don't take advantage of the user's quota.

http://thread.gmane.org/gmane.comp.version-control.git/269699/focus=269733
Fix issue #2, reducing the oauth scope permissions required from user
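An added example, not part of the thread or of submitGit's code: a check that compares the scopes a token actually carries (GitHub reports them in the `X-OAuth-Scopes` response header) with the minimum the service needs, here `user:email`. The header values, the `IMPLIES` table (a subset of GitHub's documented scope hierarchy) and the `audit` helper are constructed for illustration.

```python
# Added example: least-privilege audit of the scopes granted to a GitHub OAuth token.

# Parent scope -> scopes it implies (subset of GitHub's documented hierarchy).
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo"},
    "user": {"read:user", "user:email", "user:follow"},
}

REQUIRED = {"user:email"}  # the only scope the service needs after the change


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'a, b' into a set of scope names."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}


def expand(scopes):
    """Return the granted scopes plus everything a broad parent scope implies."""
    effective = set(scopes)
    for scope in scopes:
        effective |= IMPLIES.get(scope, set())
    return effective


def audit(headers, required=REQUIRED):
    """Report required scopes that are missing and effective scopes beyond the minimum."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    effective = expand(parse_scopes(lowered.get("x-oauth-scopes")))
    return {
        "missing": sorted(required - effective),
        "excess": sorted(effective - required),
    }


# Constructed response headers: a token issued before and after the scope reduction.
BEFORE = {"X-OAuth-Scopes": "public_repo, user:email"}
AFTER = {"X-OAuth-Scopes": "user:email"}

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(headers))
```

Running the same check in a service's login callback lets it refuse or flag tokens that carry more than it asked for.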
Closing, because I think #3 addressed this.
Maybe it is just me, but it feels that requesting read & write authorization for all public repositories of the user is way too excessive. If a user can live without the "I sent email using submitgit" breadcrumb left in his or her pull request, can't this be done only with read authorization on pull requests and nothing else?
Not that I'd be afraid that Roberto may go evil; a more realistic and serious worry would be that the service can be taken over by malicious crackers, whose evil deeds Roberto would not have any control over.