Hi all, On Fri, Dec 14, 2018 at 6:45 PM Allen Wittenauer <a...@effectivemachines.com.invalid> wrote: > > On Dec 14, 2018, at 9:21 AM, Joan Touzet <woh...@apache.org> wrote: > > > > Allen Wittenauer wrote: > >> I think part of the basic problem here is that Github’s view of > >> permissions is really awful. It is super super dumb that accounts have to > >> have admin-level privileges for repos to use the API to do some basic > >> things that can otherwise be gleaned by just scraping the user-facing > >> website. If anyone from Github is here, I’d love to have a chat. ;) > > > Putting my thinking cap on, I wonder if the workaround here is to > have a proxy for the REST API that forwards the ’safe’ calls but disallows > others. Maybe one already exists? I totally get the security and potentially > legal ramifications of having accounts that can push. But it sure seems like > this problem is solvable with a bit of elbow grease.
Why can't we have a global username/password for `asfgit` with personal access token that can be used? It seems to be used for GitHub Pull request builder, so I'm guessing that there is already a blessed personal access token in place there with acceptable GitHub OAuth scopes. zoran -- Zoran Regvart
