Closed FroMage closed 8 years ago
+1
Sent from my iPhone
On 18 Nov 2015, at 13:08, Stéphane Épardaud notifications@github.com wrote:
Recently someone (I think @lucaswerkmeister) complained that he could not use the upload repo Url to test his stuff. That was only an authentication issue and adding auth in the Url worked.
But there may be a use-case for making read-only access to it open without authentication, so that you can run CI with no auth, or even pass the Url to others to test. You could even use it as a kind of user-repo and store your modules there for others to use without publishing them on the main repo.
I suppose you could even use this for file storage and public sharing, which would be a lot less nice.
WDYT? Should I allow readonly access to these repos to everyone?
— Reply to this email directly or view it on GitHub.
Yes. If we see abuse we can rethink this but for the time being it would be a nice feature I think.
Of course the fact that you can re-upload modules has it's advantages and disadvantages. Obviously our whole repo system is built on the premise that nothing can ever change. So either we would have to:
compile
and run
that says: don't use the cache, re-download everything you needRecently someone (I think @lucaswerkmeister) complained
yup, that was me: https://groups.google.com/d/msg/ceylon-users/DOv-ghRMgOQ/6PlBjjVUDgAJ
And I’m not sure if the repo actually needs to be globally readable. The real problem for me was that the documentation didn’t mention the https://user:pass@modules.ceylon-lang.org/…
syntax. Sure, it’s nothing Ceylon-specific, but it would still be nice to put a reminder for it in the documentation.
+1. A few comments:
If there are security concerns, I think a 95%+ answer would be to add a random identifier to the url, which basically serves as a password (assuming everything is https).
add an option ... don't use the cache, re-download
I think this is a good idea anyway, since the cache can become corrupt. For example, I know there is at least one code path exists where the sha1
s are recalculated after files are copied, which can result in source != destination.
True, but I think the fewer plaintext copies of passwords the better (rather than trusting myself to not screw up, I just don't keep passwords in text files and bash history)
They all have a private (RW) and a public (RO) URL now.
Nice, I like that solution! Thanks!
Recently someone (I think @lucaswerkmeister) complained that he could not use the upload repo Url to test his stuff. That was only an authentication issue and adding auth in the Url worked.
But there may be a use-case for making read-only access to it open without authentication, so that you can run CI with no auth, or even pass the Url to others to test. You could even use it as a kind of user-repo and store your modules there for others to use without publishing them on the main repo.
I suppose you could even use this for file storage and public sharing, which would be a lot less nice.
WDYT? Should I allow readonly access to these repos to everyone?