If I am an owner of a repository, but have no special permissions on the org, it seems I cannot create and install a novel App just on my repository: I have to beg the org owner to create it generally in the org, and then install it on my repository. I cannot see any security justification for this—the worst things an App could do on my repository would be things I would be permitted to do anyway using the GUI or personal access token or Git credentials, so it should be my choice to trust the App (and of course I would typically grant it only limited permissions to begin with).
This is particularly onerous in combination with the fact that the Checks API is only available via App authentication. That means that if I want to use Checks from some development tool such as a self-hosted CI system, I cannot set this up autonomously within my repository; it has to be defined and approved for the entire organization.
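To make concrete what "only available via App authentication" means for a self-hosted CI tool, here is the three-step credential chain a GitHub App has to walk before it can post a check run. This is an added example, not code from the original post or from GitHub: the endpoints, headers and JWT claims are GitHub's documented ones, while the App ID, installation ID, commit SHA, private key handling and the fake transport used in the demo are constructed for illustration. RSA signing and HTTP are injected as callables so the flow can be exercised offline.

```python
"""
GitHub App authentication chain needed to use the Checks API (added example):

  1. Sign a short-lived RS256 JWT as the App itself (iss = App ID).
  2. Exchange it for an installation access token, which is scoped to the
     repositories and permissions granted at install time (e.g. checks: write).
  3. Call the Checks API with that installation token, never with the App JWT.

A personal access token cannot perform step 3, which is why a repository owner
cannot set this up without an App existing at the organization level.
"""
import base64
import json
import time
from typing import Callable, Optional

API = "https://api.github.com"
ACCEPT = "application/vnd.github+json"
MAX_JWT_LIFETIME = 600  # GitHub rejects App JWTs whose exp is more than 10 minutes out
CONCLUSIONS = {"action_required", "cancelled", "failure", "neutral",
               "success", "skipped", "stale", "timed_out"}

# Transport signature: (method, url, headers, json_body_or_None) -> parsed JSON.
Http = Callable[[str, str, dict, Optional[dict]], dict]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Read the (unverified) claims segment of a JWT; used for inspection only."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def make_app_jwt(app_id: int, sign: Callable[[bytes], bytes],
                 now: Optional[int] = None, lifetime: int = MAX_JWT_LIFETIME) -> str:
    """Build the RS256 JWT that authenticates as the App. `sign` must return an
    RSASSA-PKCS1-v1_5/SHA-256 signature made with the App's private key."""
    if not 0 < lifetime <= MAX_JWT_LIFETIME:
        raise ValueError("App JWT lifetime must be between 1 and 600 seconds")
    now = int(time.time()) if now is None else now
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    header = {"alg": "RS256", "typ": "JWT"}
    # iat is backdated 60 s to tolerate clock drift, as GitHub's docs recommend.
    claims = {"iat": now - 60, "exp": now + lifetime, "iss": app_id}
    signing_input = f"{_b64url(compact(header))}.{_b64url(compact(claims))}"
    return f"{signing_input}.{_b64url(sign(signing_input.encode()))}"


def get_installation_token(app_jwt: str, installation_id: int, http: Http) -> str:
    """Step 2: the App JWT may only mint installation tokens; the returned token
    is what actually carries repository permissions (and expires after an hour)."""
    resp = http("POST", f"{API}/app/installations/{installation_id}/access_tokens",
                {"Authorization": f"Bearer {app_jwt}", "Accept": ACCEPT}, None)
    return resp["token"]


def create_check_run(inst_token: str, owner: str, repo: str, head_sha: str,
                     name: str, conclusion: str, http: Http) -> dict:
    """Step 3: post a completed check run against a commit."""
    if conclusion not in CONCLUSIONS:
        raise ValueError(f"unknown check conclusion {conclusion!r}")
    body = {"name": name, "head_sha": head_sha, "status": "completed", "conclusion": conclusion}
    return http("POST", f"{API}/repos/{owner}/{repo}/check-runs",
                {"Authorization": f"Bearer {inst_token}", "Accept": ACCEPT}, body)


def run_check_flow(app_id: int, installation_id: int, owner: str, repo: str, head_sha: str,
                   name: str, conclusion: str, sign: Callable[[bytes], bytes], http: Http,
                   now: Optional[int] = None) -> dict:
    """Wire the three steps together, as a CI tool would after a build finishes."""
    app_jwt = make_app_jwt(app_id, sign, now=now)
    inst_token = get_installation_token(app_jwt, installation_id, http)
    return create_check_run(inst_token, owner, repo, head_sha, name, conclusion, http)


def urllib_http(method: str, url: str, headers: dict, body: Optional[dict]) -> dict:
    """Real transport using only the standard library (for live use)."""
    import urllib.request
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={**headers, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as r:
        return json.load(r)


def rs256_signer(private_key_pem: bytes) -> Callable[[bytes], bytes]:
    """Signer for the App's PEM private key; needs the `cryptography` package."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA256())


if __name__ == "__main__":
    # Offline demo with constructed values and a fake transport that echoes calls.
    def fake_http(method, url, headers, body):
        print(method, url, headers["Authorization"][:24] + "...")
        return {"token": "ghs_constructed"} if url.endswith("/access_tokens") else {"id": 1}
    print(run_check_flow(12345, 777, "example-org", "example-repo", "0" * 40,
                         "self-hosted-ci", "success", lambda d: b"fake-signature", fake_http))
```

For live use, replace the fake transport and signer with `urllib_http` and `rs256_signer(open("app-key.pem", "rb").read())`; the App must have been granted the `checks: write` permission when it was installed on the repository, which is exactly the organization-level step the post is complaining about.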