Comments (10)
We would like to have the users star the repo as part of the new developer process. I do not believe it is possible to do this with a more restrictive permission.
It's unfortunate that GitHub does not appear to offer a more granular/restrictive permission, but if the choice is to ask for this permission or not be able to star the repo, we'll probably just keep this as-is.
Please re-open this if you think there is a way to do this without getting full read/write permission of public repos.
from lbry.com.
What about getting the user id and then later seeing if the user has starred your repo manually?
As it stands there is no way I'm giving you write access to my repos or the orgs I'm an admin for.
I think a lot of people will look at the overly broad permissions you are asking for and just close the browser tab at that point...
from lbry.com.
Personally, I agree with you. I'd be hesitant to click through myself if this were another company.
But 700+ people have already done it, and only a few have objected. And those who don't want to grant the permission can go through the alternative process of joining our Slack. And of course, you can always use LBRY directly without the reward!
Plus, it'll be additional work to change this when we're already pretty strapped.
So I'm inclined to leave this as-is for pragmatic reasons, even though I agree at the same time.
from lbry.com.
It's your project Kauff. As a security professional in my "day job" who is really interested in the potential of this project, I'm trying to help by pointing out the issue.
In the meantime, I couldn't possibly endorse people doing this. Your response here is essentially "hey we know we did a bad thing here, and that it makes our users vulnerable, but really we don't care, because 700 people didn't know what clicking "yes" meant and because most of them click anyway, it's not worth us fixing".
Google "hacked with github".
You are asking users for "777" permissions when all you really need is "111" or similar. Maintaining this approach once aware of it is a bad idea for all of the same reasons that this file permissions analogy would be facepalm inducing.
There is a separate thought process about the politeness of using your 777 permissions to give yourself the equivalent of a like on the dev platform, but that's a separate question. The idea that 777 permissions are explicitly only needed to be able to star yourself makes the granting/requesting of them even more questionable.
from lbry.com.
I agree with @WayneAnderson and @JasperWallace - This overly broad permission is going to turn off a lot of developers, especially the ones with the security and privacy background that seem vital to a project like lbry. You should seriously reconsider this, for something as minor as github stars.
from lbry.com.
Came here to find this. I was nearly entirely turned off from the project. That is asking a lot with this permission.
from lbry.com.
Ok, we're reconsidering this and will likely make a change. It will probably be at least a week though as we are pushing hard to hit April release.
from lbry.com.
I am glad this is being reconsidered. You can still have developers star the project, just ask them to rather than trying to do it for them. The /users/:username/starred API will allow you to check that they have done so before sending them their credits.
I also hope at the moment, you are explicitly making it clear that you are going to star the repo before you do. All I can see before granting permission is "This will ... mark you as interested in the lbry repo" which is an odd way to say you are going to star the repo on their behalf, if that's what it's supposed to mean.
from lbry.com.
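The check suggested in the comment above (the user stars the repo themselves, then the site confirms it through the public /users/:username/starred endpoint) needs no OAuth scope at all. The following is an added example, not code from this thread or from LBRY; the login `example-dev`, the repo name `example-org/example-repo` and the canned responses are constructed so it runs offline.

```python
import json
import re
import urllib.request

API = "https://api.github.com"
# Conservative login format check so the value cannot alter the request path.
LOGIN_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$")
NEXT_RE = re.compile(r'<([^>]+)>;\s*rel="next"')

# Constructed two-page response for a hypothetical user "example-dev".
PAGE2 = f"{API}/user/1/starred?per_page=100&page=2"
FAKE_PAGES = {
    f"{API}/users/example-dev/starred?per_page=100":
        ([{"full_name": "octo/other"}], f'<{PAGE2}>; rel="next"'),
    PAGE2: ([{"full_name": "example-org/example-repo"}], ""),
}


def fake_fetch(url):
    """Offline stand-in for github_fetch, backed by the constructed pages."""
    return FAKE_PAGES[url]


def github_fetch(url):
    """Unauthenticated GET; returns (parsed JSON list, Link header value)."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "User-Agent": "star-check-example",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp), resp.headers.get("Link", "")


def has_starred(username, repo_full_name, fetch=github_fetch, max_pages=50):
    """True if repo_full_name appears in the user's public starred list."""
    if not LOGIN_RE.match(username):
        raise ValueError("invalid GitHub login")
    url = f"{API}/users/{username}/starred?per_page=100"
    wanted = repo_full_name.lower()  # owner/repo names are case-insensitive
    for _ in range(max_pages):
        repos, link = fetch(url)
        if any(r.get("full_name", "").lower() == wanted for r in repos):
            return True
        nxt = NEXT_RE.search(link or "")
        if not nxt:
            return False
        url = nxt.group(1)
        if not url.startswith(API + "/"):  # only follow links on the API host
            raise ValueError("unexpected pagination target")
    return False  # page budget exhausted without finding the repo
```

Pass `fetch=fake_fetch` to run it offline; the default `github_fetch` makes unauthenticated requests, which GitHub rate-limits.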
@WayneAnderson @JasperWallace @greylurk @magichair
We changed this. Thank you for encouraging us to make the right choice!
from lbry.com.
This is spectacular. Thank you, I'm really interested in this project and appreciate the decision to find another way to balance the ability to show support with the privacy of your users!
from lbry.com.