kzu
commented
1 year ago Mostly a duplicate of https://github.com/devlooped/SponsorLink/issues/31, I think.
If you have no sponsorlink file, you're assumed not to be a sponsor. If you install the GH CLI extension and run the gh sponsors link command, you will need two things:
- Install the GH App (to your GH account, not download anything) that asks for explicit email sharing permission (as it does today)
- The tool will also remind you about this but explain how it will be made secure by using k-anonimity for the (improved) hashes too.
The recent discussion went a little off the rails. And because i see parts of both arguments I was wondering what stands in the way of the obvious solution : Opt-In.
Silently checking personal data is a NO GO, just ask for it.
It should be a reasonable default assumption that the user isn't a sponsor, and treat them as such. Sponsors interested in the linked benefits, can authenticate themselves.