One thing I noticed: Using the GitHub UI, I added a collaborator to a repository. I saw that they committed changes without any authority / approval from me. It was a private repository.
With private repositories, how do I give someone read开发者_运维问答 access versus write access?
With private repositories, how do I give someone read access versus write access?
This kind of permission is not available for simple accounts. When you add an user as a collaborator, he gains read/write permissions.
The story changes if you own an Organization. Organizations contains teams and each team can have different level of access, including read-only. You can assign users to a specific read-only group, and they will only have pull access to the repositories.
Private repositories in an ordinary user account are an all-or-nothing deal: either someone has full read/write access (i.e., they're a collaborator) or they have no access. However, if you set up an organization, create the repo under the aegis of the organization, and then add the collaborator, you have much more fine-grained control (including giving read-only access to a private repo).
精彩评论