Closed JtMotoX closed 4 years ago
@JtMotoX
Are you able to allow us to somehow provide access to a specific private or public repo instead of giving you access to everything?
This is possible, but you must set it up manually with SSH. I would love to implement this, but it's simply a limitation of the GitHub OAuth API.
Syncify: Open Settings
in the command paletteRepo URL
to git@github.com:yourUser/repoName
I do not know what is in your code
The full source code for the extension is available in this repository if you want to check it out.
LabCoat and FastHub can specifically ask for the access required for Gitlab/Github. I am not convinced by the claim that it is a limitation of the API provided by Github/GitBucket etc. I am glad that there is a workaround based on ssh
, but the main interface should never ask for permission to access everything. Please either cite the Github API document that you found limiting, or adjust the program.
I think the only place where it might require access to all the repos is that, you seem to provide a list of all the repos already set up so a user who'd like to sync later can simply click/select the one from the list. This list is superfluous and not necessary; instead, simply provide a text input box which points to a valid URI understood by git.
I do not know what is in your code
The full source code for the extension is available in this repository if you want to check it out.
You are inviting a code review for a repository with over two dozen files from effectively each and every one of your security/privacy-minded users here. Instead, consider simply adopting a better design that doesn't have the problem in the first place. Until then, could you please keep this issue open?
[1] https://gitlab.com/Commit451/LabCoat [2] https://f-droid.org/en/packages/com.fastaccess.github.libre/
I was ready to try this instead of Sync Settings but once I got to the GitHub authorization step, I had to stop.
Are you able to allow us to somehow provide access to a specific private or public repo instead of giving you access to everything? No offense but I do not know you. I do not know what is in your code. And I do not know what may be in your code tomorrow. I do not know if you would hand this project over to someone else who may have bad intentions (we all know how that goes link).