Overbroad permissions request may deter users from signing up. #23
Comments
|
What about Travis though? They ask for repo hook access, and more. And we can invite people to examine the sources, etc. |
And how would these people verify that the source we present is the source that is actually running?
Well, we're not travis, so it isn't relevant. We should aim to lower barriers as far as we can. |
|
You could say that then about all supposedly "open source" web services. If you couldn't trust a plugin repository to create and delete hooks, might as well not use it. I'm not sure if OAuth scopes are fine enough to go down to repository level; it's either all repositories or all organisations' repostiories' hooks, and if anything, asking people to add it manually is more of a barrier to submission. |
|
We could do some gymnastics to request more scope when someone wants to add a plugin. |
Only ask for permissions for individual repositories, or get users to add hooks manually.
The text was updated successfully, but these errors were encountered: