<fijal>
ebarrett: that's a very strange request, why is that?
<ebarrett>
fijal: I want to install a third party app for a CI task, but it automatically gets access to all of the organisations that don't have that setting locked down it seems
<ebarrett>
and quite frankly, I don't want it to have access to your hippy repo
<arigato>
ebarrett: obviously, we are wary of tweaking global permissions for the benefit of one user. I'm sure you can do it differently, like create another github account and give it access to exactly the repos you want
<arigato>
or just remove yourself from hippyvm repo access (it's not active any more anyway)
jcea has quit [Remote host closed the connection]
<arigato>
ebarrett: the correct-but-a-bit-useless answer is that if we change the settings now, nothing guarantees that they won't be changed again in a few months, so you need to come up with a way of testing that the settings are correct (in theory)
<arigato>
...and finally the most practical advise:
<arigato>
just ignore the problem, the app you're installing is not supposed to do bad things with the repo and if it does we can revert---or more likely not notice because no-one looks at hippyvm anyway
<tos9>
also github is terrible that they haven't added granular permissions at permit-time for this
<tos9>
good thing there's bitbucket and mercurial though for competition
<arigato>
"ha ha"
<tos9>
too soon?
<arigato>
it's unclear if you mean that as a joke?
<tos9>
arigato: the fact that github should 100% support users modifying granular permissions there is not a joke
<tos9>
arigato: rubbing salt in the mercurial wound though
<tos9>
yeah that's a joke
<ebarrett>
arigato: fair enough, but be aware that I'm advising a locking-down, not an opening up
<arigato>
right :-)
<ebarrett>
as it stands anyone's plugins in your hippyvm organisation can access your code
<ebarrett>
you probably don't want that, especially given some apps request R/W access to the repo
<arigato>
that's fine with us because we trust people in our organizations not to do bad things
<ebarrett>
if you lock it down, third parties will have to ask permission
<ebarrett>
ok fair enough ;)
<ebarrett>
I don't trust people :P
<arigato>
what we're not fine with is to explicitly reduce permissions so that one user can install some plugin he doesn't trust, because then if in a few months we forget and re-enable that permission, we might end up in a situation where that user has to apologize a lot
<arigato>
so it's better if that user makes the decision upfront about using that plugin
<arigato>
you can decide the plugin is safe enough, and that's likely fine for us
<kenaan>
mattip pypy.org[extradoc] 1d7194367707 /: remove references to numpypy, numpy is now just a "normal" c-extension module Maybe someday we will re...
<mattip>
arigato: the last regeneration also rebuilt performance.html for 9fc40ec9dd54
<ebarrett>
arigato: i've already moved the repo off github, because I don't want to allow third party access to hippyvm ;)
<ebarrett>
(my repo, that is)
ajlawrence has joined #pypy
xorAxAx has joined #pypy
<xorAxAx>
.
jacob22 has quit [Quit: Konversation terminated!]
jacob22 has joined #pypy
ajlawrence has quit [Remote host closed the connection]