Description
If you want this feature for your personal private repositories, please react with a 👍.
If you want this for your team/company/organization private repositories, react with a ❤️.
Follow @devhub_app on Twitter to be notified when this becomes available.
Add support for:
- Showing activities of private repositories
- Enhance notifications of private repositories
Implementation requirements
- Request only the permissions that are strictly necessary
  - For this reason, we will need to migrate from OAuth App to GitHub App (see comparison)
Why not enable private access using the current implementation?
GitHub OAuth Apps have a very broad and dangerous permission scope. See this petition for details. For example, to be able to read activities (issue comments, ...) from private repositories, we need to request the repo scope. And this is what it gives access to:
As a security precaution, DevHub does not intend to ask for this permission, since it doesn't ever need any code or write access.
TL/DR: This feature is planned and is high priority.
But to do it right, first we need to make DevHub work as a GitHub App instead of OAuth App. This will cause an increase of server usage and costs.
Follow @devhub_app on Twitter to be notified when this becomes available.
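
The scope concern described in this issue can be checked from the API side: GitHub reports the scopes an OAuth token carries in the `X-OAuth-Scopes` response header. The following is an added example, not DevHub's code; the allow list, the function names and the sample headers are assumptions made for illustration.

```javascript
// Scopes that carry write or code access, per GitHub's OAuth scope documentation.
const BROAD_SCOPES = new Set([
  'repo', 'public_repo', 'delete_repo', 'workflow', 'admin:org', 'admin:repo_hook',
]);

// Hypothetical allow list for a read-only notifications client (an assumption,
// not DevHub's actual configuration).
const ALLOWED_SCOPES = new Set(['notifications', 'read:user', 'user:email']);

// Header names are case-insensitive, so look the name up without regard to case.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// "repo, notifications" -> ['repo', 'notifications']; an empty value means no scopes.
function parseScopes(value) {
  return value.split(',').map((s) => s.trim()).filter((s) => s.length > 0);
}

// Compare the granted scopes with the allow list and flag the broad ones.
function auditScopes(headers, allowed = ALLOWED_SCOPES) {
  const raw = getHeader(headers, 'X-OAuth-Scopes');
  if (raw === undefined) {
    // No scope header on this response: the grant cannot be judged from it.
    return { known: false, granted: [], excess: [], broad: [], ok: false };
  }
  const granted = parseScopes(raw);
  const excess = granted.filter((s) => !allowed.has(s));
  const broad = granted.filter((s) => BROAD_SCOPES.has(s));
  return { known: true, granted, excess, broad, ok: excess.length === 0 };
}

// Constructed sample response headers (not captured from a real token).
const SAMPLES = {
  minimal: { 'x-oauth-scopes': 'notifications, read:user' },
  privateAccess: { 'X-OAuth-Scopes': 'notifications, read:user, repo' },
  noHeader: { 'content-type': 'application/json' },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditScopes(headers)));
}
```

A token that was granted `repo` to read private activity fails this audit, because that single scope appears in both `excess` and `broad`.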
