Confirmation popup for workspace sharing #4726

Closed
fntlnz opened this issue Jul 7, 2021 · 3 comments · Fixed by #4743


fntlnz commented Jul 7, 2021

This feature is particularly sensitive to leaking workspace data and the user needs to be extremely aware that they are enabling it when they do.

A possible solution is to add an "Are you sure?" popup that explains the implications for workspace sharing so that the user can have a chance to reflect and decide before they do the action.

This was already present in the Theia editor; we need it in Code too now.

fntlnz added the labels "aspect: security" (Anything related to preventing vulnerabilities) and "editor: code (browser)" on Jul 7, 2021

shaal commented Jul 7, 2021

When I'm sharing a workspace, users who enter that workspace get access and the same git permissions to all my repos, outside this workspace.


AlexTugarev commented Jul 7, 2021

> ... get access and same git permissions to all my repos, outside this workspace.

That should be limited to the current workspace session.

OTOH, thinking more about this, I realize you probably mean that the guest may use a terminal to access your other repositories.


shaal commented Jul 7, 2021

@AlexTugarev Yes, that's exactly what I meant.
It has similar abilities to sharing my local terminal with someone else (i.e. https://tmate.io)

On Gitpod, I already authorized GitHub and GitLab access, so someone accessing my Gitpod terminal has read/write access to all the repositories hosted on these services.

I think the option of sharing a workspace should be removed from the main menu, because of the security risk.
The alternative, sharing just the snapshot of a workspace instead, provides most of the benefits and none of the security concerns.

Another option would be sharing a workspace with a specific user/email, but I don't know how much effort it would take to achieve that.
