

Problems With Github - CJefferson
http://chris-jefferson.blogspot.com/2011/09/problems-with-github.html

======
waffle_ss
Obviously you missed the text in parentheses in Part 1 - "Have an existing key
pair? You can skip to Step 4."

You can add as many public keys to your GitHub account as you want - I have
like half a dozen for the different computers I use.

~~~
CJefferson
Out of interest (serious question), do you know why someone would already have
files, unless they were an existing key pair? Shouldn't step 2 say, if you
already have any files, "Wow, something is up, what are these files doing
here?". Alternatively, why not just start people off using username+password
rather than fiddling with keys?

Also, my belief is that newbies might not realise exactly what having "an
existing key pair" is, and what it might already be connected to (VPNs or
shell accounts they set up years ago, for example).

~~~
waffle_ss
SSH keys are used because they are the de facto standard for git
authentication - GitHub didn't invent this, this is pretty much how it is done
with any remote git repo.

I don't use Mac, so am not sure what applications might generate keypairs that
the user would not be familiar with. But, the guide does have a step that
moves existing keys to a backup folder, so they shouldn't get deleted, in any
case. I'm not totally sure why they want a clean private key, and don't let
the user simply copy the existing public key over if a keypair already exists.

------
x0ner
How this made it up to my reader is beyond me. If handling the SSH keys is
hard enough then I am afraid to see what you do when automerge fails and you
need to resolve your conflicts manually. In my short time using github, I have
came across issues, but they usually involved me just not understanding the
design or usage of git. Read the guides or the book they put on their site. It
is short, interesting and leaves you feeling a bit more confident in what you
are doing.

<http://book.git-scm.com/>

------
wccrawford
tl;dr - Oh noes, GitHub attempts to make it easy for newbs, and so I can't be
smart and do things normally, despite them putting up no barriers to that!

~~~
CJefferson
You don't think blindly telling people to move their ssh private key, if it
already exists, might lead to newbs breaking their computers? Certainly it
would have broken mine if I had done it.

~~~
gks
Overall I found the blog entry to be lacking any real reasoning why one
shouldn't switch or vice-versa. It just feels like a blantant "I want to be on
Hacker News" post.

~~~
CJefferson
That is I think a sign of bad writing on my part. I certainly didn't write
this to be on hacker news, I just wrote it because I was suprised how hard,
and possibly dangerous, github's newbie guide is (I have now clarified that I
am talking about following github's newbie guide, vs. bitbuckets).

I did then submit to hacker news on a whim, first time writing a post, next
time I'll sit on a little longer and re-read it later, to make sure I've
clearly made my point.

~~~
Kwpolska
Read the WHOLE guide, then act. It clearly says that you shall not re-create
the key if you have one.

~~~
CJefferson
Are you referring to this line?

"Check for SSH keys. Have an existing key pair? You can skip to Step 4"

I think many people might not know what that means. Also, why does the next
step tell you to move any key pairs you already have, if you are only supposed
to do this step if you don't have a key pair?

There is a possibility I'm confused, but I think this guide assumes too much,
and makes users undertake possibly dangerous changes, when the easier option
(login with username/password) is much less risky.

