re: Automating new contributor issues with First Timers Bot VIEW POST

FULL DISCUSSION
 

Interesting idea! Question: what's your security model? The issue template says that claiming an issue will add you as a "contributor". From a quick look I'm not seeing anything about forking, so I assume this means "collaborator" access privileges to the central repository. That's more access than I would want to give anyone automatically; collaborators can do a lot more than push a single branch. Am I missing something?

 

Hi Dian! The bot doesn't do anything regarding automatically adding contributors or giving any user permissions. Maybe we need to reword that part of the template to be more clear.

The way hoodie handles contributions is that the contributor comments on the issue "claiming" it. Then an admin invites that person as a collaborator. But for your project, if you prefer them forking the repo, then you can configure a new template with the steps that work for your project.

 

I see. Yeah, I wouldn't want to just hand out write access, but it's good that it's not tied to one way of doing things. It should probably be clarified in the template both so any security implications are more obvious & so whoever claims an issue isn't expecting instant access if the intent is for them to work in-branch on the central repository.

code of conduct - report abuse