Clarify config

[PeterDaveHello]

Hi there,

I wanna confirm that the auth_token and post_secret is secret of what? https://github.com/jsdelivr/bot/blob/master/config.yml#L5-L6

I guest auth_token is for GitHub auth, what about post_secret? For Gist only? Thanks.

[PeterDaveHello]

Oh, I guest it's for webhook? :smile:

[jimaek]

@PeterDaveHello Please be aware that the bot doesn't have a license, meaning that we retain all rights.

This means that you retain all rights to your source code and that nobody else may reproduce, distribute, or create derivative works from your work.

I spend a lot of money and time to improve and develop jsDelivr. I dont appreciate cdnjs being an asshole https://twitter.com/PeterDaveHello/status/640524883013734400 and using our own tools against us

[PeterDaveHello]

@jimaek oops, sorry make you unhappy, no offense, just your bot looks very cool :smile:

[jimaek]

If you want something similar you can develop it yourself without using any of our code. The other alternative is to use https://github.com/jsdelivrbot/ instead of hosting it yourself. We can add cdnjs support. This way we would get some promotion and exposure, instead of nothing.

[PeterDaveHello]

Oh sure, I will do another bot in free time, you really did a great job on the bot :+1: I am just interesting of your bot, and also since you are not so happy with that, I just wanna say, no worry! As I'm also a jsdelivr contributor, (#49, https://github.com/jsdelivr/jsdelivr/commits?author=PeterDaveHello), I'm not going to be your enemy, I believe that the things we are doing are both making the world better, aren't we? Sorry to make you unhappy again.

[jimaek]

np. If you need anything or have any questions just send me an email.

[megawac]

@PeterDaveHello to address the question in this issue post_secret is the decrypted X-Hub-Signature used to verify the webhook request is from github. See the documentation on the pubhubsubbub docs

http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.3.html#authednotify