Hello, +1 for this requirement.
It should be at minimum possible for a committer to:

- Close PRs that are not merged
- Add tags
- See traffic on project
- Manage community profile
- Edit release notes
- Possibly administer issues

Thanks

On Sat, Dec 15, 2018 at 2:14 PM Zoran Regvart <zo...@regvart.com> wrote:

> I've filed an issue with INFRA, to get their view on this:
>
> https://issues.apache.org/jira/browse/INFRA-17449
>
> zoran
> On Fri, Dec 14, 2018 at 7:41 PM Zoran Regvart <zo...@regvart.com> wrote:
> >
> > Hi all,
> > On Fri, Dec 14, 2018 at 6:45 PM Allen Wittenauer
> > <a...@effectivemachines.com.invalid> wrote:
> > > > On Dec 14, 2018, at 9:21 AM, Joan Touzet <woh...@apache.org> wrote:
> > > >
> > > > Allen Wittenauer wrote:
> > > >> I think part of the basic problem here is that Github’s view of permissions is really awful. It is super super dumb that accounts have to have admin-level privileges for repos to use the API to do some basic things that can otherwise be gleaned by just scraping the user-facing website. If anyone from Github is here, I’d love to have a chat. ;)
> > > >
> > > Putting my thinking cap on, I wonder if the workaround here is to have a proxy for the REST API that forwards the ’safe’ calls but disallows others. Maybe one already exists? I totally get the security and potentially legal ramifications of having accounts that can push. But it sure seems like this problem is solvable with a bit of elbow grease.
> >
> > Why can't we have a global username/password for `asfgit` with
> > personal access token that can be used? It seems to be used for GitHub
> > Pull request builder, so I'm guessing that there is already a blessed
> > personal access token in place there with acceptable GitHub OAuth
> > scopes.
> >
> > zoran
> > --
> > Zoran Regvart
>
>
> --
> Zoran Regvart
>

--
Cordialement.
Philippe Mouawad.