Open hexagonrecursion opened 2 years ago
hi @hexagonrecursion,
thanks for opening the issue. Normally these permissions are only required when you login via the homepage to actually configure it. For just signing a CLA it should only require your email (the first prompt).
What link did you use to access CLA-Assistant? Via https://cla-assistant.io/tldr-pages/tldr?pullRequest=7516 it should only ask you for the email and redirect you back to the PR afterwards.
cla-assistant posted a comment on my PR. I clicked on the link in the comment
Ah okay, that is indeed weird. This should only ask you for the email permissions and then take you to the signing. I assume that you didn't give CLA-Assistant the extended permissions, right? The PR in tldr-pages looks at least like you accepted the CLA.
If this is the case I suspect that for whatever reason it redirected you to the wrong place after accepting the CLA. I wasn't able to reproduce it so far.
I did not give permissions. After that I clicked on the link a second time and everything worked as expected.
Okay, that is really weird and shouldn't happen.
Let me see if I can reproduce that or someone else as well runs into this problem.
Hi all - someone a few weeks back in spf13/cobra also mentioned something similar: https://github.com/spf13/cobra/pull/1530
I'm not able to reproduce since I already have accepted everything.
@jpmcb thanks for providing this as well. I will see if I can figure out what happened here, especially since it doesn't seem to be a one off as I hoped :D
I too have experienced this in trying to sign the CLA for golangci/golangci-lint. Unlike @hexagonrecursion, though, mine didn't work even after clicking on the link for a second time.
This is a duplicate of issues #78, #97, #566, #863 etc.
I suggest to deal with this at issue #566, until it has been fully resolved: I.e., until the CLA assistant works properly with cookies disabled in the web-browser.
I have the same issue, and here it is more than two years later.
Never-ever will I grant a bot such permissions, I would hardly ever grant them to a person, even a close relative.
If this is the price of collaboration, then collaboration stops here.
tldr-pages requires that all contributors sign a CLA. For the signing workflow they use cla-assistant. When I tried to log into cla-assistant it first asked for permission to see my email address (a reasonable request when using github OAuth). After I approved the request I got a second request for a long list of permissions including write access and private data. This included:
This is unacceptable. There is no reason for cla-assistant to ask me for those permissions just so I can sign a CLA