Adopting SponsorLink in v2.6+

[kzu]

In order to improve the long-term sustainability of this (and other) projects, we'll be adopting SponsorLink v2.

Please get familiar with it, read the privacy statement and raise any doubts related to it in the SponsorLink repo itself.

All of SponsorLink is OSS too.

What this means for you:

1. If you're not a sponsor (or you haven't synchronized your sponsorship), you will get a IDE-only warning reminding you that you can sponsor the project.
2. CLI or CI builds will never check for sponsorship.
3. You don't need to sponsor if you're an OSS author/contributor yourself (unless you want to, of course).

[alexey-leonovich]

@kzu Could you clarify how SponsorLink privacy is working in Devlooped.CredentialManager v2.6.0, Is it required to share some personal data (e. g. email)? Or it is optional and I can choose not to share my personal data?

[kzu]

Hi there @alexey-leonovich! If you sponsor @devlooped, you are already sharing your info by the very definition of GitHub Sponsors.

But in your case, you bring a very interesting point: you are already an OSS author/contributor, so you wouldn't need to sponsor at all unless you want to. As explained in how we use personal data, your email is only ever part of the auth token/claims during the sync operation, and never persisted anywhere other than your locally signed manifest.

Ensuring your GH email matches your local repo email is not something I currently do, but I wanted to leave that possibility open. It's a local-only offline-only check, if ever done. It could be necessary to prevent folks sharing a single sponsoring account just for manifest generation and then not using it for their git activities, for example, or just uploading the raw JWT somewhere on the internet and have everyone workaround the entire thing.