нд, 12 січ. 2020, 16:34 користувач Paul Moore <[email protected]> пише:
> What wasn't clear to me was why they needed a GitHub app, and more so, why > it had to be registered against the whole PyPA organisation, rather > than against individual projects. > By design, GitHub Apps are installed into orgs or individual user accounts. You cannot "install" it into a repo. You can, however, limit its access to just one repo on the installation level. When non-admin users request to install an App, they are offered to choose if they want it for specific repos. But from my experience admins don't see this in the notifications. Maybe it's just a UX bug on GitHub. > > Lifters (maintainers) are supposed to execute a series of tasks like > > properly marking which versions > > of their packages get security updates, which are dangerous, posting > > release notes, confirming licenses > > and so on. > > That makes sense - but obviously, whether to commit to this sort of > thing would be a per-project decision, not something PyPA-wide. > Yep, except as per limitation above, it affects the org too. See, when a GitHub App is installed, this installation entity is a bond between that App and the org. App then acquires a token for such installation and can use it to query things. The interesting part is that every installation gets a rate limit of 5000 requests per hour plus some bonus requests on top of the org is big. --Sviatoslav. Sent from my phone, please pardon any typos. -- You received this message because you are subscribed to the Google Groups "pypa-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pypa-dev/CAFYONRDGFpo81GV1HPHjQREGwGSWd6FYRfdNYkb6RmkZe2nqEQ%40mail.gmail.com.
