Discussion on: Automating new contributor issues with First Timers Bot

Dian Fay

Interesting idea! Question: what's your security model? The issue template says that claiming an issue will add you as a "contributor". From a quick look I'm not seeing anything about forking, so I assume this means "collaborator" access privileges to the central repository. That's more access than I would want to give anyone automatically; collaborators can do a lot more than push a single branch. Am I missing something?

Angelica Gonzalez Author

Hi Dian! The bot doesn't do anything regarding automatically adding contributors or giving any user permissions. Maybe we need to reword that part of the template to be more clear.

The way hoodie handles contributions is that the contributor comments on the issue "claiming" it. Then an admin invites that person as a collaborator. But for your project, if you prefer them forking the repo, then you can configure a new template with the steps that work for your project.

Dian Fay

I see. Yeah, I wouldn't want to just hand out write access, but it's good that it's not tied to one way of doing things. It should probably be clarified in the template both so any security implications are more obvious & so whoever claims an issue isn't expecting instant access if the intent is for them to work in-branch on the central repository.