| ▲ | matzehuels 2 hours ago | |
You’re 100% right to call that out. The current GitHub OAuth scope is too broad. I’m changing this ASAP to least-privilege and I’ll publish a clear explanation of scopes + data handling. In the meantime: please run the local/CLI path if you want zero-trust. | ||
| ▲ | withinboredom 2 hours ago | |
Damn dude. That’s awesome! I saw the permissions it wanted out of every org I’m a part of (including some big open source orgs) — I’d probably find myself booted out of those orgs if I accepted that. They def get a notification on every authentication like that and take potential impersonation seriously. | ||