I hesitate to do this because I don’t like putting personal access tokens anywhere I’m not certain is absolutely private. I know I could create one and invalidate it after the GH submission, but I worry that I would forget to do so and might have a token floating around. I maintain a popular (10-million+ downloads/week) library on GitHub, and would not be happy to have any credentials leak.
It would be great if GitHub would allow tokens specific to one repo or one group, but last I checked this wasn’t possible.
So if I download a copy of the PR wiki, it wouldn’t be included? That’s nice to know and makes me feel a little happier. But it would still be a nagging worry for me.
Right. … The token is only known to your browser. … BUT … it is stored to the local storage in plain text. So everyone, that has access to your computer can easily read it, if they know where to search for it and you don’t have a lock-screen on your PC.
That’s usually not a problem for most users, but if you share a computer at work it can be an issue.
As common for single file TiddlyWiki’s. By default no info is sent to the server, that hosts the single file wiki. Except you use 3rd party plugins that do sent info to any server.
That’s not a concern. I have other sensitive material stored on my work PC, usually encrypted somehow, but sometimes in plain text. I was mostly worried that I’d make and share a copy of such a wiki without removing the token. If it’s in local storage, then most of my fears are allayed. And perhaps then I’ll try using the PR maker.
Is there anyway we could have a similar wiki for submitting changes to the core rather than simply tiddlywiki.com?
One example I have would be introducing a new macro to be included, in this case making an existing macro trapped inside an existing tiddler publicly available.
Of course all the normal documentation and approvals would be required.