[Nix-dev] NixOS GitHub third party application restrictions

Domen Kožar domen at dev.si
Tue Oct 4 16:47:58 CEST 2016


OK, I've enabled the restrictions. I'll readd travis-ci.

On Tue, Oct 4, 2016 at 3:31 PM, zimbatm <zimbatm at zimbatm.com> wrote:

> Hi Domen,
>
> It's a way to control the attack surface.
>
> When a person is added to the NixOS contributors we trust that person to
> not do anything shady. But that person can install third-party apps to
> which that trust is then delegated to. Not everyone thinks about the
> implications of that carefully, or they might be required for work reasons.
>
> Making that change would allow us to control which third-parties we want
> to trust and control the attack surface better.
>
> On Tue, 4 Oct 2016 at 14:01 Domen Kožar <domen at dev.si> wrote:
>
>> I fail to understand what are the implications here. Can you elaborate
>> current situation vs. what would the change bring?
>>
>> On Sat, Sep 24, 2016 at 10:43 PM, zimbatm <zimbatm at zimbatm.com> wrote:
>>
>> Yes that should be made the default. I think only Eelco has access to the
>> org settings.
>>
>> On Mon, 19 Sep 2016, 20:43 Kevin Cox, <kevincox at kevincox.ca> wrote:
>>
>> Hello, for contributors to the NixOS organization it is impossible to
>> give a third party GitHub integration access to any of my organizations
>> without also giving it access to the NixOS org. The link below has some
>> more information about how to change this for NixOS but it will likely
>> remove some webhooks and other auths (ex: Travis) that will need to be
>> readded. One set third party won't get access to NixOS unless explicitly
>> enabled.
>>
>> https://help.github.com/articles/about-third-party-
>> application-restrictions/
>>
>> I hope that this setting can be changed so that I can continue using
>> third party tools for my personal uses without affecting the NixOS org.
>>
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161004/2435d59b/attachment-0001.html>


More information about the nix-dev mailing list