spdx-online-tools icon indicating copy to clipboard operation
spdx-online-tools copied to clipboard

Published 20 hours ago verified publisher icon spdx

Move to Github Apps for Submitting License Requests

Open rtgdk opened this issue 4 years ago • 2 comments

Currently, we use Github OAuth Apps to create issues in license-list and license-namespace repository. But Oauth apps have limited no of fixed permission with no way to modify read/write access. https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes Github Apps provide finer-grained permissions - https://developer.github.com/apps/differences-between-apps/

We would like to move to Github Apps. For this, I suppose, changes will be needed only on the code side (utils.py) and requesting only the permissions which is needed - able to create issues in the https://github.com/spdx/license-list/ and https://github.com/spdx/license-namespace/ repo.

Linked Issue - #192

rtgdk avatar Jul 17 '20 09:07 rtgdk

@rtgdk - is this still live?

jlovejoy avatar Jun 21 '23 23:06 jlovejoy

Because the #192 was closed, I re-reported it as #498. The all repos write permissions are potential security problem.

yarda avatar Aug 14 '23 08:08 yarda