Proposal: create an account for a GitHub bot. #309
Labels
Comments
|
I am no sure that would prevent anything without giving up security guarantees we need, will it? We dont want to circumvent permissions issues without also being very careful what we automate. IMO I would rather deal with the stray permission limit than automate things which could open the door to accidental security issues. |
|
Do we know any example of such bot in other organizations? I have seen some dependency bot or stale issue tracker bot but they are usually limited to one thing. Not sure if you mean those? Building one ultimate bot is not easy and worth (opinion here). Adding dozens of them is a miss with a goal (another opinion). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Having an account for a bot could be a good idea; it would automate many tasks and prevent errors like expressjs/expressjs.com#1553, or help keep the .github repositories synchronized. Perhaps this account could handle releases when that can be automated, or add the labels that are being attempted to be added in #300 and expressjs/expressjs.com#1642.
The account would only have triage permissions in the three organizations.
The text was updated successfully, but these errors were encountered: