Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
A freelancer asked for my github personal access token (PAT) to start working on the opensource project.
I know you can set access rules for the PAT, but the guy already started off sounding hella scammy. 😬4 -
GitHub Packages Sucks. Like, it REALLY sucks.
It sounds like the best thing in the world - being able to host your project packages alongside your code! It has full support for Maven, Gradle, Ruby Gems, Node packages, Docker images and even dotnet CLI applications. It even lets you view statistics on how many developers have downloaded a given package! For public repositories, the packages are free to host as well!
So, I decide to use it for my Maven project since it's "so great". I've never used a public Maven repository before, so this was all very new to me. I follow the documentation - simply run "mvn deploy ...." and use a generated GitHub personal access token. No problems there. Deployment is a success and I feel a wave of happiness seeing my packages online. I follow through the various links and it even adds automatically generated usage information for other Maven users - fantastic!
That was, until I decide to try and download one of the files from this package repository. In order to download a file, you must have a GitHub access token. Okay, makes sense I guess? What if another developer wants to use my library? To do so, they have to generate their own GitHub access token, store it in their local ~/.m2/settings.xml file and only THEN can they use my library. So clearly, this is significantly inferior to other public Maven repositories where you don't have to get an access token to simply USE a library.
Upon discovering this, I decide to simply delete all of the packages and continue using whatever previous system I was using. Except of course, they forbid the deletion of public packages because "other projects could depend on it". The only way to delete public packages is to either:
[0] Make the repository private (losing all stargazers and watchers), delete the packages and then make the repository public again
[1] Contact support and ask them to delete the public packages. They say that they'll only do this for "special cases", such as legal issues or GDPR breaches.
I've sent a contact form and I'm currently hoping that they see things in my favor. I mean seriously - a public package repository where in order to use it you have to have a GitHub account and then generate an authentication token - it's absurd!3 -
Haven't pushed anything to my github repos for over a year. Tried it today and it took me FOURTY FUCKING MINUTES to figure out this Personal Access Token HORSESHIT.
FUCK YOU GITHUB, why must every aspect of software development become spoiled by PARANOID FUCKING FUCKWEASELS?5 -
What is the reason behind Git Access Tokens being viewable only once after generation on platforms like GitHub? I'm struggling to comprehend this approach as it compels me to store the key in an insecure manner.3
Top Tags
Weekly Rant
View