So I guess this is only usefull for private artifacts. Very unfortunate indeed for opensource.
I am very disapointed with it. It took me hours to actually push packages there using all the fragmented documentation that was provided to find out that people won't be able to use it.. Totally wasted my time, I'll have to move to an other working packaging system, requiring authentication to download from public repositories is pointless.
Same here. Was almost OK with the extra hassle / need to add repository configs for all different libraries with different repositorioes on github, only to discover that it is actually unusable without authentication. Having a per-user/org repository with the ability to push to it with actions and able to read packages without authentication is something that would be needed for open source.
Requiring github auth for public repo artifacts makes this pretty useless for Open Source projects.
That's really disappointing to see from GitHub. I hope this gets fixed soon.
For now, Open Source projects will have to look elsewhere.
As GH Package regsitry has been officially released, is there any plan on allowing public packages to be downloaded without authentication?
I think it would be useless for open source projects asking users to authenticate to get packages. This is a manditory requirement which is already there in systems like maven central
I also had this authentication problem, I can't download a package without authentication, I hope it will be resolved!
The need to authenticate is one thing, which maybe can be understood. However if I create a personal access token with read:packages scope, that's the error that I get:
Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.
That's what I would like to avoid, storing my access token that gives full write access to all repos, releases, etc... in my account, in a plaintext file on my laptop.
Thank you for being here! Currently you need to authenticate to download both public and private packages I'm afraid. We are investigating how, going forwards, beyond the beta we maybe able to offer this functionality, however this could be a way off yet - I've added a +1 against this for you, and we'll let you know as soon as we have an update that we can share surrounding this. Keep an eye on https://github.blog for all updates meanwhile.
Today I used the registration of packages for Maven for the first time.
The publication process was very simple and the available documentation was sufficient.
My difficulty started when using the registered package.
As my project is open source, being public, I believed it would only be related to dependence and use.
But unfortunately I came across the issue that we must authenticate with user and token to perform the restoration of dependencies. I agree with most of the staff, this requirement does not seem to make sense for public projects.
I would love to keep most of my stack on github, but I am being forced to look for another package record.
I hope, very hopefully, this implementation will make it possible to use it without authentication for public packages.
Thank you for your attention.
Yes they need something like `mavenCentral()` to add to the build.gradle/pom.xml.
Otherwise the whole feature is useless IMO.