[pytest-dev] Disabling third-party application access on GitHub

Florian Bruhin me at the-compiler.org
Thu Sep 10 17:05:36 CEST 2015


currently, if I enable an application to access my GitHub account,
it'll also have the same access to all pytest-dev repositories.

This is obviously... not so cool.

I'd like to change[1] that, however that comes with a few caveats[2]

The most important is probably this one:

- SSH keys created before February 2014 immediately lose access to the
  organization's resources (this includes user and deploy keys).

  When an SSH key created before February 2014 loses access to an
  organization with third-party application restrictions enabled,
  subsequent SSH access attempts will fail. Users will encounter an
  error message directing them to a URL where they can approve the key
  or upload a trusted key in its place.

I'm guessing the reason for this is (random guess) because there
wasn't any distinction between user- and application-keys before then.

I'm not 100% sure what exactly the impact will be, but this might
impact pushing until the key is re-approved for everyone with a key
older than that.

Any objections? If not, I'd like to flip the switch on Saturday.


[1] https://help.github.com/articles/disabling-third-party-application-restrictions-for-your-organization/
[2] https://help.github.com/articles/about-third-party-application-restrictions/

http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
         I love long mails! | http://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/pytest-dev/attachments/20150910/29034c98/attachment.sig>

More information about the pytest-dev mailing list