GitHub repo that anyone can edit

[Kreijstal]

Project description

[Describe the project the best you can. Give any background information or link to resources that are necessary to understand the problem it is intended to solve. The more you elaborate on your idea, the easier it is to accomplish.]

Are you familiar with Wikipedia version control system, or any wiki? Imagine a github repo that allows write access but disallows destructive edits aka history editing So I have an idea about making a server that allows anonymous write access to the repo but it will reject commits that change history. This will basically allow any repository to become wiki, (to the leisure of the mantainer, considering that this server should have access to this repo)

You would also track write permissions of certain directories/files, ban some ips, and some authentication system to these permissions You could in theory make your own wiki, using serverless computing and github.

Relevant Technology

[Write what technology is relevant. What language, what platform, any particular library/framework/existing project it is based on?] Probably github api, and knolwedge of git internals

Complexity and required time

[Please only tick off one box in each category by changing [ ] to [x]. The labels on the project will then be updated by the maintainers as soon as possible.]

Complexity

• [ ] Beginner - This project requires no or little prior knowledge of the technolog(y|ies) specified to contribute to the project
• [ ] Intermediate - The user should have some prior knowledge of the technolog(y|ies) to the point where they know how to use it, but not necessarily all the nooks and crannies of the technology
• [x] Advanced - The project requires the user to have a good understanding of all components of the project to contribute

Required time (ETA)

• [ ] Little work - A couple of days
• [ ] Medium work - A week or two
• [x] Much work - The project will take more than a couple of weeks and serious planning is required

[KOLANICH]

GitHub wiki allows access via git, but requires authentication.

[Kreijstal]

@KOLANICH I guess you missinterpreted me, I was not talking about the github wiki, but about the code itself being commitable by anyone.

[KOLANICH]

Then I don't think it is a good idea. Everyone can add a backdoor and noone is constantly auditing the code for a backdoor.

[Kreijstal]

Then I don't think it is a good idea.

Let that be a decision of the repo mantainer.

this depends on the project, if you only allow access to md or html files you could get on with your project.

everyone could add a back door but everyone can remove it as well, notify the admins/collabs and ban the user. Potentially you could also disallow anonymous JavaScript commits, to be more in control of your code if you distrusted the public that much. anyone can reverse those edits just like in wikipedia.

this is still useful in many cases say documentation githubs and what else.

I think the easiest way to implement this is instead of using a server to make GitHub API calls, use a bot that automatically merges pull requests that match the parameters

[KOLANICH]

but everyone can remove it as well

If noticed. Practice has shown that backdoors in open-source projects stay unnoticed for years and decades.

this is still useful in many cases say documentation githubs and what else.

For docs GH has wiki with git access. Though it disallows anonymous edits.

[remram44]

Git is not very suitable for that, because every push can contain any number of commits, and every commit can change every file. Commits can also have fake metadata, e.g. committer/author/date, which can be abused too easily.

A wiki system can ensure that a user doesn't spam changes too quickly, can trace every change, and delete bogus versions without breaking the repo. Those are all important features for a publicly-writeable repo I think.

[KOLANICH]

Commits can also have fake metadata

Not a problem here - server can enforce that all the accepted commits have specific name and email.

[remram44]

That would break the whole pull request workflow.

[Kreijstal]

Yes it might, the script would only merge pull requests that meet certain parameters, and it's easier to make that than to self host another wiki

[KOLANICH]

That would break the whole pull request workflow.

Another solution is to create own commits with the same content, setting the right metadata itself. But again, IMHO it is not needed, for docs GH has wiki, for code auto-merging all PRs without any review is not a good idea.

[Kreijstal]

you are right, for code it is not a good idea, for other content it is

[bdsl]

I don't think there's anything difficult here from a software point of view. Assuming the request is for a git repo, rather than specifically a repo on this website github.com, I think it's just about choosing tools and configuring them to allow anyone to commit but not 'force push' or erase history.

It's just a question of whether anyone wants to run such a service. The people running it would need to be monitor it and be ready at least to deal with complains of copyright violations or other unlawful content being uploaded.

[remram44]

I think it would be nice to have some motivation for this idea. What is a use case of such a system? Preferably that is not already covered by wikis or pull requests?