diff --git a/app/retrogit.go b/app/retrogit.go
index 363d20a..ae08487 100644
--- a/app/retrogit.go
+++ b/app/retrogit.go
@@ -41,6 +41,7 @@ func init() {
router = mux.NewRouter()
router.Handle("/", AppHandler(indexHandler)).Name("index")
+ router.Handle("/faq", AppHandler(faqHandler)).Name("faq")
router.Handle("/session/sign-in", AppHandler(signInHandler)).Name("sign-in").Methods("POST")
router.Handle("/session/sign-out", AppHandler(signOutHandler)).Name("sign-out").Methods("POST")
@@ -157,6 +158,10 @@ func indexHandler(w http.ResponseWriter, r *http.Request) *AppError {
})
}
+func faqHandler(w http.ResponseWriter, r *http.Request) *AppError {
+ return templates["faq"].Render(w, nil)
+}
+
func signInHandler(w http.ResponseWriter, r *http.Request) *AppError {
config := &githubOauthConfig
if r.FormValue("include_private") != "1" {
diff --git a/app/templates/base/page.html b/app/templates/base/page.html
index 3efef49..ec0991d 100644
--- a/app/templates/base/page.html
+++ b/app/templates/base/page.html
@@ -29,7 +29,7 @@
RetroGit is a project by
Mihai Parparita
-
- FAQ
+ FAQ
-
Source
diff --git a/app/templates/faq.html b/app/templates/faq.html
new file mode 100644
index 0000000..78a94cc
--- /dev/null
+++ b/app/templates/faq.html
@@ -0,0 +1,60 @@
+{{define "title"}} FAQ {{end}}
+
+{{define "body"}}
+
+Why do you need such broad access to my GitHub account?
+
+
+ RetroGit requests access for a couple of kinds of data from your GitHub account:
+
+ - Personal user data: Needed in order to determine which email address to send your digest to (I did not want to build my own email address validation infrastructure).
+ - Repositories: Needed to get at historical commits used to generate your digest. The authentication scopes that GitHub's API offers are quite coarse-grained, so there is no narrower option. This means that RetroGit also has access to the read-write contents of your source files, even though it does not need (or use) it. The one mitigating option is to only request this level of access for public repositories — this can be done in RetroGit by unchecking the "Include private repositories" checkbox when signing in.
+
How much data can you see about my account?
+
+
+ RetroGit has access to the following data about your GitHub account and repositories:
+
+
+ - Email addresses
+ - Commit history
+ - Source code
+ - Issues
+ - Pull requests
+ - Wikis
+ - Settings
+ - Webhooks
+ - Deploy keys
+
+
+ However it only uses the data in
bold, everything else is provided as a side effect of the
scope that it uses with the GitHub API.
+
What is is stored in your servers?
+
+
+ RetroGit does
not persist any commit messages or source code from your repositories on its servers (GitHub API responses may be cached in memory for a short period). Digests are generated dynamically when they need to be sent out. What ends up being stored is (see the
Account struct for details):
+
+
+ - OAuth token enabling RetroGit to query data for your account.
+ - Which email address to receive your digests at.
+ - Timezone, digest frequency and other settings.
+
+
+ There is also a
per-user map of the timestamp of the oldest commit for each repository, since this is expensive to compute.
+
Can I run my own instance?
+
+
+ RetroGit's
source is available and it runs on the
App Engine Go Runtime, so you can easily start your own instance. It is not very resource intensive -- single user accounts should definitely fit within the free daily quota.
+
Can I delete my account?
+
+
+
+{{end}}