
This application will be able to read and write all public and private repository data. This includes the following:

    Code
    Issues
    Pull requests
    Wikis
    Settings
    Webhooks and services
    Deploy keys
    Collaboration invites
Note: In addition to repository related resources, the repo scope also grants access to manage organization attributes and organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users.


I am the author of it. This is indeed too much; will remove the unnecessary scopes. The software needs to read the contents only.


I changed the scopes and removed: email and private repos.


Why still require write access to public repos if it's only reading?


This is default behaviour for OAuth apps in GitHub. I will have to migrate to GitHub Apps for more fine-tuned access.


Yikes


Ew, flagged it ASAP.



