First, they restricted code search without logging in so I’m using sourcegraph But now, I cant even view discussions or wiki without logging in.
It was a nice run
First, they restricted code search without logging in so I’m using sourcegraph But now, I cant even view discussions or wiki without logging in.
It was a nice run
I’m still stuck on why I have to create a password-equivalent API token, and then store it on my hard drive if I want an at-all-convenient workflow.
“How is storing it on my hard drive more secure”
“How is it more secure now, seems like now there are two points of failure in the system, and anyway I keep hearing about security problems in github which this hasn’t been a solution to any of them”
An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.
Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.
Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.
And that’s just the tip of the iceberg. Lmk if you have questions, though.