Code
Issues
Pull requests
Wikis
Settings
Webhooks and services
Deploy keys "
Indeed, no way am I authorizing this. Why does it need deploy keys and settings access. That's insane. I can't even do that because that would give it access to my job's code too, although I should probably create a new, separate GitHub account for my job. One time I said yes to one of these, tenexer I think it was, and the thing added webhooks to all hundred some private repos for my job. I ended up having to create a script to remove all those hooks. I could have been fired for that I bet.
https://developer.github.com/v3/oauth/#scopes
There just isn't much granularity there - GitHub OAuth enabled integrations that need repository access can jump from having no specified scope - which grants access to your profile data only - to scope 'public_repo', which grants read-write access to all the data you've listed above, in any public repository, and then to scope 'repo', which grants the same for public and private repos.
It's a shame, because most GitHub integrations I've seen seem to need enough access to just list your repositories (public and private) and ask your permission to enable a webhook on a given repo at your request.
There's no way to do that with GitHub OAuth at the moment without asking for the 'repo' scope, and along with it a whole load of privileges that most people just can't / won't feel comfortable granting.
switch branch: https://dl.dropboxusercontent.com/u/52991/prose.io/switch_br...
edit file (pretty useful for READMEs): https://dl.dropboxusercontent.com/u/52991/prose.io/edit.png
Is there an open industry standard for implementing ACL policies flexibly like the one Amazon has?
GH has OAuth scoping, but it needs to be more fine-grained. Say, configurable to per-repository level.
There are screenshots here: http://developmentseed.org/blog/2012/june/25/prose-a-content...
Prose is an open source node.js app, and can be self-hosted: https://github.com/prose/prose
As far as I remember in order to get the GitHub authentication piece working you need to use an external app simply for the authentication with GitHub. DevelopmentSeed also wrote an app for this called gatekeeper (I think) which I believe is a node.js application.
impressive stuff.
I believe all the gatekeeper does is forward the oauth confirmation callback to prose so the client side app can use it.
So, anyone worried about security can run their own gatekeeper and their own prose without having to worry about the NSA (oh, wait…)
They have a markdown editor, similar to the one github offers, but have a few extra features to deal with Jekyll specific stuff like drafts, image uploading and a distraction free writing mode.
"Hi! I'm a purist. I use VIM to edit my Github textfiles. If you configure VIM correctly, it'll work better than anything in the world!"
"Hi! I'm a non-purist and have tried 50 different tools, let me list them out!"
I don't ever see any other tool or article reposted as much as Prose.io
It's not about 'editing your github files', and anybody who brings up VIM is definitely missing the point (it's not for you!). As I understand it Prose is about the potential to host totally CMS-free sites (e.g. Jekyll sites) on Github and give your customers a decent editor to alter their content.
It's potentially combining the best of the 'push to git to deploy static site' ethos with 'CMS-like editing capabilities so your customers can reasonably edit content'. I think that's why a lot of people are watching this project closely.
I personally would be happy to see this reposted once a month so we can see its progress and maybe encourage more competition in this space.
However, there's nothing visibly new with each repost. If someone posted like a release, or maybe a changelog, or a blog post with some feature updates, sure. But as of right now, I see Prose get reposted monthly, with no visible changes. And THAT'S annoying.
(Ideally I'd run it on App Engine.)
Great, clean interface
It has a tiny tiny server-side component that exists only to complete the oauth handshake (for the remote server to have something to call back to), called gate keeper.
It's completely open source and self-hostable. They also make a webhook so you can trigger rebuilding on your own server.
They built it to be able to replace their need on a traditional CMS when they switched from Drupal to Node.JS many years ago.
http://developmentseed.org/blog/2012/07/27/build-cms-free-we...
DevelopmentSeed was the company that eventually spun off into MapBox.com, the open source open data map tile hosted service.
They have a long history with the open source community, and are spearheading a lot of the open source mapping stack by employing the lead developers of mapnik, leaflet and much more.
Other than Mapbox.com and Prose.io they also built :
TileMill - https://www.mapbox.com/tilemill/ - An node-webkit based map designer
Id - http://ideditor.com/ - The OpenStreetMap editing interface
(disclaimer: I used to work for them, and left around the time they spun off into mapbox)
2. It's cool that there is a publish button that shows if it has been published, but then when I clicked on it, it said it would be unpublished. I know I have to save first, but that was kind of bad UX. Also when I click it again to set it back to publish, the record still appears to be dirty, with changes to save. Kind of unsettling since I was just browsing to see the functionality.
One more thing: Is there a service (hosted or otherwise) that has this kind of web based editing with a preview of MY website, not just the plain Markdown? I like that non devs could edit it, but we also have our own CSS that could change the way it looks (video embedding, etc.).
... except for the "learn more" button which takes you to a page which explains very very little.
nice font.
Code, Issues, Pull requests, Wikis, Settings, Webhooks and services, Deploy keys"
...nope!
