by eriknstr 3453 days ago
6 months down the line: GitHub discovers a security breach, tracks it down to an advanced persistent threat that involved the attackers getting their conditionally malicious app front paged on HN which led to GH staff being baited into allowing said app write access on GH proprietary repos. Just kidding :p
1 comments

Heh. Yeah, I responded to clarify that I did not grant access to that Org.
While you're here and we're talking about granting private access to third party organizations... I've actually brought this up on several support requests. I have several organizations authorized under my account which were active before the third party access was disabled by default.

The problem is I can't simply tell the company to disable third party access since it would revoke all the SSH keys across the board. Imagine the nightmare, support requests and coordination that would take to get things back to normal. The other nuclear option is if I leave the organization before granting access to third party apps. It's been very frustrating for me as I'm hesitant to authorize third party apps since I can't pick and choose organization access on an individual level.