SSH vs HTTPS #895
Comments
|
There were some very valid concerns about security of instructors showing their PAT or students having their PAT exposed (#778 (comment)). But most tutorials strongly recommend against keeping your PAT in any plain text file and instead use a git-supported credential manager. Instructors should also delete the PAT they create for the course immediately after in the unlikely event that someone takes a screenshot and attempts to use it for malicious purposes. |
|
See also #857 for difficulties teaching SSH protocol for GitHub |
|
thank you for the feedback. There have been long discussions regarding SSH vs PAT. The end result is the git lesson inherited it because the Unix Shell maintainers suggested the best example for using it is git. We did decide to #778 (comment), so an instructor can determine what they have time to go over. And, many people agreed that SSH is better than PATs, because SSH is used more widely (and often in command line situations, not just for git). There is a supplemental SSH episode still in development which includes PATs. Please feel free to contribute. Issue #824 describes how to contribute and provides a space for discussion. |
I know this topic has been discussed at depth (#778), but I feel like it might be worth revisiting. Almost every tutorial I encounter except the Carpentries recommends using HTTPS with a PAT for GitHub (happygitwithr, the
usethisR package, and the fact that it's the GitHub default, to name a few). The reasons listed by these sources in favor of using and teaching HTTPS are:The arguments I see in discussions in this repo in favor of SSH seem mostly philosophical:
I just think this might be worth revisiting since many other git/GitHub tutorials strongly recommend HTTPS and it seems like the majority of sources think it's less likely to cause (technical) problems for students.
The text was updated successfully, but these errors were encountered: