14 comments

[ 2.9 ms ] story [ 44.7 ms ] thread
For some reason, HN isn't picking up the duplicate URLs being submitted. Annoying since it'd be better if one makes it to the front page. Would you upvote the following?

[removed]

EDIT: Actually this one is older (and just made it to the front page) https://news.ycombinator.com/item?id=5893168

(github login required, but worth it!)
Why is it asking for permission to "Update your public repositories (Commits, Issues, etc)."?
This was was linked to, I think indirectly, a week or two ago.

I asked the same thing there, and the reply I got was that it's required because it's a "beta" version of the book and they want reviewers to open issues/pull requests when problems are found.

It's an interesting idea, but there's no way I'm giving a stranger write access to my GitHub account.

If you look at the FAQ, they go over the reason for that:

  > Sadly, the Github oAuth mechanism is severely 
  > limited in how much access control that we can request. 
  > We just want the ability to create issues in one specific 
  > public repository, but the minimum privileges we can 
  > request from Github are the ones you see when you login. 
  > If you can convince someone at Github to add more 
  > granular permissions, let us know! However, we never 
  > store your authorization tokens in our server, and 
  > instead just directly pass your authorization token into 
  > a client-side cookie.
http://www.realworldocaml.org/#faq
Why is this sending me through github?
Probably one of the tricks poster use when there is already a duplicate submission that has not gained traction but they feel should.

Or maybe I am just feeling uncharitable. Still, I would like to know how this is done.

The link submitted here is on the other side of the login process. Hence, people are being redirected to GitHub for authorisation.
The book looks really interesting, as OCaml is a great language, but I don't see why it is necessary to grant the authors permission to "Read your public information." and "Update your public repositories (Commits, Issues, etc)." just to read and comment on the book. I suppose an argument could be made in favor of the Github login, but why do they need the ability to update my repositories for me? Sure they say they won't do anything with it, but in that case why do they ask for that permission in the first place?
If you look at the FAQ, they go over the reason for that:

  > Sadly, the Github oAuth mechanism is severely 
  > limited in how much access control that we can request. 
  > We just want the ability to create issues in one specific 
  > public repository, but the minimum privileges we can 
  > request from Github are the ones you see when you login. 
  > If you can convince someone at Github to add more 
  > granular permissions, let us know! However, we never 
  > store your authorization tokens in our server, and 
  > instead just directly pass your authorization token into 
  > a client-side cookie.
http://www.realworldocaml.org/#faq
can someone merge this topic with the other one on HN front page linking to the same book ?