github OAuth authentication need ?
Olivier Berger
olivier.berger at telecom-sudparis.eu
Mon Nov 23 16:31:19 UTC 2015
Sandro Tosi <morph at debian.org> writes:
> On Mon, Nov 23, 2015 at 3:26 PM, Olivier Berger
> <olivier.berger at telecom-sudparis.eu> wrote:
>> I'm not sure I understand the need for authenticating to github, though,
>> as we're doing only read-only queries and some kind of throttling.
>>
>> Can you share a bit more details ?
>
> if you're not authenticated, then you get rate-limited; there some
> link out there that describes it in details, dont remember the exact
> url tho
>
OK, found it : https://developer.github.com/v3/#rate-limiting
>> I'd like to make the token configurable in the yaml file (and possibly
>> document its generation) but I'm in doubt about its actuall need.
>
> it's not different than all the other auth methods we use in the other btses
>
Well, they might as well move to the config file if needed ;-)
>> In any case something should be done to either regenerate a token or
>> make rid of it in the running instance of the code on sonntag :-/
>
> nope the token must be there, and cannot be regenerated easily (you
> have to do the github webpage and blabla)
>
Yes, I think the easiest way is under :
https://github.com/settings/tokens/new probably selecting the most
minimal set of permissions... not sure about which, exactly.
>> Thanks in advance, and sorry for the mess we might have caused.
>
> please have your students change that token, and please change it also
> in the code you run yourself. that would also apply to the other btses
> requiring authentication. only the bts on debian machines should use
> those login/pwd (yeah ok they are stored publicly, that doesnt mean
> the real bts needs to suffer from other tests if the user we use got
> banned/limited/suspended/etc)
>
Right.
I'll do and tell my students.
Also, I'll check whether there's a proper documentation on how to
regenerate a token, possibly programmatically.
Also, for tests, I guess caching would be interesting. I'll try and
check if that could be achieved with minimal effort.
Best regards,
--
Olivier BERGER
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
More information about the Bts-link-devel
mailing list