open-source-ideas / ideas

💡 Looking for inspiration for your next open source project? Or perhaps you've got a brilliant idea you can't wait to share with others? Open Source Ideas is a community built specifically for this! 👋
6.59k stars 220 forks source link

GitHub repo that anyone can edit #140

Open Kreijstal opened 5 years ago

Kreijstal commented 5 years ago

Project description

[Describe the project the best you can. Give any background information or link to resources that are necessary to understand the problem it is intended to solve. The more you elaborate on your idea, the easier it is to accomplish.]

Are you familiar with Wikipedia version control system, or any wiki? Imagine a github repo that allows write access but disallows destructive edits aka history editing So I have an idea about making a server that allows anonymous write access to the repo but it will reject commits that change history. This will basically allow any repository to become wiki, (to the leisure of the mantainer, considering that this server should have access to this repo)

You would also track write permissions of certain directories/files, ban some ips, and some authentication system to these permissions You could in theory make your own wiki, using serverless computing and github.

Relevant Technology

[Write what technology is relevant. What language, what platform, any particular library/framework/existing project it is based on?] Probably github api, and knolwedge of git internals

Complexity and required time

[Please only tick off one box in each category by changing [ ] to [x]. The labels on the project will then be updated by the maintainers as soon as possible.]

Complexity

Required time (ETA)

KOLANICH commented 5 years ago

GitHub wiki allows access via git, but requires authentication.

Kreijstal commented 5 years ago

@KOLANICH I guess you missinterpreted me, I was not talking about the github wiki, but about the code itself being commitable by anyone.

KOLANICH commented 5 years ago

Then I don't think it is a good idea. Everyone can add a backdoor and noone is constantly auditing the code for a backdoor.

Kreijstal commented 5 years ago

Then I don't think it is a good idea.

Let that be a decision of the repo mantainer.

this depends on the project, if you only allow access to md or html files you could get on with your project.

everyone could add a back door but everyone can remove it as well, notify the admins/collabs and ban the user. Potentially you could also disallow anonymous JavaScript commits, to be more in control of your code if you distrusted the public that much. anyone can reverse those edits just like in wikipedia.

this is still useful in many cases say documentation githubs and what else.

I think the easiest way to implement this is instead of using a server to make GitHub API calls, use a bot that automatically merges pull requests that match the parameters

KOLANICH commented 5 years ago

but everyone can remove it as well

If noticed. Practice has shown that backdoors in open-source projects stay unnoticed for years and decades.

this is still useful in many cases say documentation githubs and what else.

For docs GH has wiki with git access. Though it disallows anonymous edits.

remram44 commented 5 years ago

Git is not very suitable for that, because every push can contain any number of commits, and every commit can change every file. Commits can also have fake metadata, e.g. committer/author/date, which can be abused too easily.

A wiki system can ensure that a user doesn't spam changes too quickly, can trace every change, and delete bogus versions without breaking the repo. Those are all important features for a publicly-writeable repo I think.

KOLANICH commented 5 years ago

Commits can also have fake metadata

Not a problem here - server can enforce that all the accepted commits have specific name and email.

remram44 commented 5 years ago

That would break the whole pull request workflow.

Kreijstal commented 5 years ago

Yes it might, the script would only merge pull requests that meet certain parameters, and it's easier to make that than to self host another wiki

KOLANICH commented 5 years ago

That would break the whole pull request workflow.

Another solution is to create own commits with the same content, setting the right metadata itself. But again, IMHO it is not needed, for docs GH has wiki, for code auto-merging all PRs without any review is not a good idea.

Kreijstal commented 5 years ago

you are right, for code it is not a good idea, for other content it is

bdsl commented 4 years ago

I don't think there's anything difficult here from a software point of view. Assuming the request is for a git repo, rather than specifically a repo on this website github.com, I think it's just about choosing tools and configuring them to allow anyone to commit but not 'force push' or erase history.

It's just a question of whether anyone wants to run such a service. The people running it would need to be monitor it and be ready at least to deal with complains of copyright violations or other unlawful content being uploaded.

remram44 commented 4 years ago

I think it would be nice to have some motivation for this idea. What is a use case of such a system? Preferably that is not already covered by wikis or pull requests?