For some reason, HN isn't picking up the duplicate URLs being submitted. Annoying since it'd be better if one makes it to the front page. Would you upvote the following?
This was was linked to, I think indirectly, a week or two ago.
I asked the same thing there, and the reply I got was that it's required because it's a "beta" version of the book and they want reviewers to open issues/pull requests when problems are found.
It's an interesting idea, but there's no way I'm giving a stranger write access to my GitHub account.
If you look at the FAQ, they go over the reason for that:
> Sadly, the Github oAuth mechanism is severely
> limited in how much access control that we can request.
> We just want the ability to create issues in one specific
> public repository, but the minimum privileges we can
> request from Github are the ones you see when you login.
> If you can convince someone at Github to add more
> granular permissions, let us know! However, we never
> store your authorization tokens in our server, and
> instead just directly pass your authorization token into
> a client-side cookie.
The book looks really interesting, as OCaml is a great language, but I don't see why it is necessary to grant the authors permission to "Read your public information." and "Update your public repositories (Commits, Issues, etc)." just to read and comment on the book. I suppose an argument could be made in favor of the Github login, but why do they need the ability to update my repositories for me? Sure they say they won't do anything with it, but in that case why do they ask for that permission in the first place?
If you look at the FAQ, they go over the reason for that:
> Sadly, the Github oAuth mechanism is severely
> limited in how much access control that we can request.
> We just want the ability to create issues in one specific
> public repository, but the minimum privileges we can
> request from Github are the ones you see when you login.
> If you can convince someone at Github to add more
> granular permissions, let us know! However, we never
> store your authorization tokens in our server, and
> instead just directly pass your authorization token into
> a client-side cookie.
14 comments
[ 2.9 ms ] story [ 44.7 ms ] thread[removed]
EDIT: Actually this one is older (and just made it to the front page) https://news.ycombinator.com/item?id=5893168
I asked the same thing there, and the reply I got was that it's required because it's a "beta" version of the book and they want reviewers to open issues/pull requests when problems are found.
It's an interesting idea, but there's no way I'm giving a stranger write access to my GitHub account.
http://caml.inria.fr/pub/docs/manual-camlp4/manual007.html
Or maybe I am just feeling uncharitable. Still, I would like to know how this is done.