Open kofalt opened 9 years ago
+1
The repo
scope is needed to read and write issues and comments on private repositories. From what I can tell, there's not a scope that gives you access to that without giving you full read/write access to all repo data.
/cc @kdaigle
The permissions requested are pretty extensive:
From the GH docs:
Contrast permissions for Travis CI, which are much more scoped:
I immediately notice how it's much easier to understand what Travis can read or modify, and I'm nervous about authorizing github-notifications with write access to everything.
I'd be a lot more comfortable if the github-notification permissions were scoped, or at least if there were a explanation presented for requesting so much :)
Thanks!