[Nix-dev] NixOS GitHub third party application restrictions

zimbatm zimbatm at zimbatm.com
Tue Oct 4 15:31:30 CEST 2016 

Hi Domen,

It's a way to control the attack surface.

When a person is added to the NixOS contributors we trust that person to
not do anything shady. But that person can install third-party apps to
which that trust is then delegated to. Not everyone thinks about the
implications of that carefully, or they might be required for work reasons.

Making that change would allow us to control which third-parties we want to
trust and control the attack surface better.

On Tue, 4 Oct 2016 at 14:01 Domen Kožar <domen at dev.si> wrote:

> I fail to understand what are the implications here. Can you elaborate
> current situation vs. what would the change bring?
>
> On Sat, Sep 24, 2016 at 10:43 PM, zimbatm <zimbatm at zimbatm.com> wrote:
>
> Yes that should be made the default. I think only Eelco has access to the
> org settings.
>
> On Mon, 19 Sep 2016, 20:43 Kevin Cox, <kevincox at kevincox.ca> wrote:
>
> Hello, for contributors to the NixOS organization it is impossible to
> give a third party GitHub integration access to any of my organizations
> without also giving it access to the NixOS org. The link below has some
> more information about how to change this for NixOS but it will likely
> remove some webhooks and other auths (ex: Travis) that will need to be
> readded. One set third party won't get access to NixOS unless explicitly
> enabled.
>
>
> https://help.github.com/articles/about-third-party-application-restrictions/
>
> I hope that this setting can be changed so that I can continue using
> third party tools for my personal uses without affecting the NixOS org.
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161004/ed945f19/attachment.html>

More information about the nix-dev mailing list