Permissions scoping
The permissions requested are pretty extensive:

From the GH docs:
This is one of the most expansive configurations you can permit, so accept it with caution!
Contrast permissions for Travis CI, which are much more scoped:

I immediately notice how it's much easier to understand what Travis can read or modify, and I'm nervous about authorizing github-notifications with write access to everything.
I'd be a lot more comfortable if the github-notification permissions were scoped, or at least if there were an explanation presented for requesting so much :)
Thanks!
+1
The repo scope is needed to read and write issues and comments on private repositories. From what I can tell, there's not a scope that gives you access to that without giving you full read/write access to all repo data.
/cc @kdaigle