add future possibility for tokens owned by a team

rust-lang · Sep 3, 2020 · f5f12a7 · f5f12a7
1 parent 04b48cb
commit f5f12a7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/text/0000-crates-io-token-scopes.md b/text/0000-crates-io-token-scopes.md
@@ -224,3 +224,7 @@ option to require a separate confirmation for the actions executed by tokens.
 For example, we could send a confirmation email with a link the owners have to
 click to actually publish the crate uploaded by CI, preventing any mailicious
 action with stolen tokens.
+
+To remove the need for machine accounts, a future RFC could propose adding API
+tokens owned by teams, granting access to all resources owned by that team and
+allowing any team member to revoke them.