latest 20 messages by jlk

+ [2020-03-06T20:35:05Z] jlk there is no standard way. Developers can use a wide array of methods to version their software.
+ [2020-02-25T17:55:39Z] jlk https://www.githubstatus.com/
+ [2020-01-28T21:57:23Z] jlk You are rebasing locally and then force pushing the results? Sounds like then you need something configured in your local git settings to sign all the rebased commits
+ [2019-10-07T17:44:17Z] jlk allowing everybody to create new branches in a repository would be a huge abuse venue. People could add all sorts of unsavory things to one's repository.
+ [2019-10-07T17:43:47Z] jlk it's necessary if you do not otherwise have write access to the original repository
+ [2019-10-07T17:42:51Z] jlk Birdface: you'll need to create a fork of the repository. THen you'll be able to push your branch to your fork, and from there create a pull request.
+ [2019-10-01T21:47:52Z] jlk I've fallen for that trap before
+ [2019-10-01T00:13:44Z] jlk or make use of a different secret store inside the action.
+ [2019-10-01T00:13:37Z] jlk playing around, I see what you mean. You'r egoing to have to decide if you trust the people you've given write access to or not.
+ [2019-10-01T00:07:38Z] jlk Gandalf84: you either need to trust them, or remove direct write access to only those that are trusted and ask that the others use read access to create forks and open PRs
+ [2019-10-01T00:07:12Z] jlk Gandalf84: anybody with write access to your repository can already read and use secrets.
+ [2019-09-30T23:20:51Z] jlk I think you'd want to be careful about who you grant write access to in. your repository
+ [2019-09-18T21:24:34Z] jlk That isn't really recorded in git metadata
+ [2019-09-17T17:44:15Z] jlk https://developer.github.com/v3/apps/permissions/#permission-on-issues
+ [2019-09-17T17:42:57Z] jlk if the're provided the right authorization to do so
+ [2019-09-17T17:42:49Z] jlk yes
+ [2019-09-17T17:31:56Z] jlk so you can't use it against another repo I believe.
+ [2019-09-17T17:31:46Z] jlk a GITHUB_TOKEN is a GitHub App token that's scoped to the specific repo the Action is associated with
+ [2019-09-13T16:59:34Z] jlk https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys
+ [2019-09-13T16:59:04Z] jlk Even API calls will require authentication. SOME logged in user will have to add the public side of your key. The public side can be added as a "deploy key" which would allow for a robot or otherwise "non-account" to gain access to the code.