Closed ashleygwilliams closed 6 years ago
I understand the trade-off this feature means, but it has not been a problem for ElixirStatus.
However: If you want to contribute this as a PR, I would accept it.
I find that approach (also showing in the renaming of the title) dangerous. The feature is not a trade-off, it can currently be abused. Just because it currently isn't, doesn't mean it won't.
The hole even gets a bit wider by the fact that if you delete posts on elixirstatus, the attached tweet isn't deleted, making cleanup hard.
I can understand that development is time-consuming and it cannot be fixed in a second, but this is not an "enhancement", this is a serious bug.
Nevertheless, I'll see if I can invest some work into this (possibly next weekend), as I stopped promoting the Rust Herald because of this.
I started working on this here https://github.com/Hanspagh/elixirstatus-web/tree/fix-twitter-handle-auth What I did
You will need both a twitter and github test application to try it out
@Hanspagh \o/
I won't have much more time to work on this before next week, so feel free to continue if you have the time.
@skade I will gladly accept contributions to this project! Thx :+1:
hello! i'm filing this here as we use it for rust-lang. (https://herald.community.rs)
the twitter handle is a string, so anything can be put there. this could be used to suggest that someone is the author of a post that they didn't author, which is a way to harass someone. (e.g. write an inappropriate post, or just any post, or number of posts to ping that person on twitter.)
i would recommend that the twitter handle be added via an authentication step only, so that only people with access to an account can have that account mentioned via the automated tweeting process.
for example, i authed with my GitHub account but put my partner's twitter handle: https://twitter.com/RustHerald/status/885590557082439680
since GitHub accounts are free, having to authenticate with GitHub doesn't significantly reduce the harassment vector here :/
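
The recommendation in this issue, sketched as an added example (not code from ElixirStatus or from the linked branch): the handle used for the automated mention is written only by the Twitter login callback, never by the profile form. The module, struct fields, the shape of the `auth` map and the tweet wording are all assumptions made for illustration.

```elixir
defmodule HandleAuthExample do
  # Hypothetical user record. `twitter_handle` is free text from the profile
  # form; `verified_twitter_handle` is only ever set by the OAuth callback.
  defmodule User do
    defstruct github_login: nil, twitter_handle: nil, verified_twitter_handle: nil
  end

  # Twitter screen names: letters, digits and underscore, at most 15 characters.
  defp valid_screen_name?(name), do: Regex.match?(~r/\A[A-Za-z0-9_]{1,15}\z/, name)

  # Called from the Twitter OAuth callback. `auth` stands for whatever the
  # OAuth library returns after Twitter confirmed the login (shape assumed).
  def link_twitter(%User{} = user, %{provider: :twitter, screen_name: name})
      when is_binary(name) do
    if valid_screen_name?(name) do
      {:ok, %{user | verified_twitter_handle: name}}
    else
      {:error, :invalid_screen_name}
    end
  end

  def link_twitter(%User{}, _auth), do: {:error, :not_a_twitter_login}

  # Profile form: may change the displayed text, never the verified field,
  # even if the submitted params contain a key with that name.
  def update_profile(%User{} = user, params) when is_map(params) do
    %{user | twitter_handle: Map.get(params, "twitter_handle")}
  end

  # The automated tweet mentions an account only if its owner linked it.
  def tweet_text(title, url, %User{verified_twitter_handle: nil}), do: "#{title} #{url}"
  def tweet_text(title, url, %User{verified_twitter_handle: h}), do: "#{title} #{url} by @#{h}"
end

# Constructed sample run (all values are made up).
user = struct(HandleAuthExample.User, github_login: "constructed-user")

user =
  HandleAuthExample.update_profile(user, %{
    "twitter_handle" => "someone_else",
    "verified_twitter_handle" => "someone_else"
  })

# Typed-in handle only: the tweet carries no mention.
IO.puts(HandleAuthExample.tweet_text("A post", "https://example.org/p/1", user))

# After the account owner signs in with Twitter, the mention appears.
auth = %{provider: :twitter, screen_name: "constructed_user"}
{:ok, linked} = HandleAuthExample.link_twitter(user, auth)
IO.puts(HandleAuthExample.tweet_text("A post", "https://example.org/p/1", linked))
```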