Open damithc opened 6 months ago
Furthermore, I don't see why this project requires `read:user` permissions. From what I gather from the OAuth documentation, the only user profile information such permissions can gain over public information are:

```json
"private_gists": <number>,
"total_private_repos": <number>,
"owned_private_repos": <number>,
"disk_usage": <number>,
"collaborators": <number>,
"two_factor_authentication": <boolean>,
"plan": {
  "name": <string>,
  "space": <number>,
  "private_repos": <number>,
  "collaborators": <number>
}
```
For me personally, I'm unwilling to allow CATcher write permissions to my public repos.
Is it possible not to ask for write access to all public repos? Some users may not want to give CATcher such access because if CATcher is compromised, attackers can get through to their other public repos (such as other OSS projects they have write access to).
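One way to check the concern raised in this issue from the user's side is to audit the scopes a token was actually granted (GitHub reports them in the `X-OAuth-Scopes` response header) against the minimal set the app needs. This is an added example, not CATcher's code; it assumes the "write access to public repos" corresponds to GitHub's `public_repo` scope, and the header value and scope hierarchy table are constructed for illustration.

```python
# Audit granted GitHub OAuth scopes against a minimal required set.
# Added example; the scope names are GitHub's, the sample data is constructed.

# Broader scopes that imply narrower ones (assumption: a subset of GitHub's
# documented scope hierarchy, enough for the scopes used here).
IMPLIES = {
    "repo": {"public_repo", "repo:status"},
    "user": {"read:user", "user:email"},
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
}

# Scopes that grant write access to repositories, the concern in this issue.
WRITE_SCOPES = {"repo", "public_repo"}


def parse_scopes_header(value: str) -> set[str]:
    """Parse a comma-separated X-OAuth-Scopes header value into a set."""
    return {s.strip() for s in value.split(",") if s.strip()}


def expand(scopes: set[str]) -> set[str]:
    """Add every scope implied by a broader one so comparisons are fair."""
    out = set(scopes)
    changed = True
    while changed:
        changed = False
        for scope in list(out):
            for implied in IMPLIES.get(scope, set()):
                if implied not in out:
                    out.add(implied)
                    changed = True
    return out


def excess_scopes(granted: set[str], needed: set[str]) -> set[str]:
    """Scopes the token carries beyond what the app actually needs."""
    return expand(granted) - expand(needed)


def grants_repo_write(granted: set[str]) -> bool:
    """True if any granted (or implied) scope allows writing to repositories."""
    return bool(expand(granted) & WRITE_SCOPES)


# Constructed header value mirroring the issue: read:user plus public_repo.
SAMPLE_HEADER = "public_repo, read:user"

if __name__ == "__main__":
    granted = parse_scopes_header(SAMPLE_HEADER)
    print("repo write access:", grants_repo_write(granted))
    print("beyond read-only needs:", excess_scopes(granted, set()))
```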