[masklinn]

> An expiration date is also required for those new tokens with a max of 1 year.

Gah, so close, yet so far.

But I guess that makes sense for personal tokens and I really need to finally look at applications, I assume they have fine-grained ACLs in the first place?

Edit:

> The permissions available to fine-grained personal access tokens are the same permissions available to GitHub Apps, and repository targeting works the same too.

[insanitybit]

Yes, if what you have is "I need persistent, scoped access" you want an app. The fact that so many people on HN are saying "ah darn it expires" is truly frightening and I hope Github publishes a deprecation plan for PAT classic.

[masklinn]

> The fact that so many people on HN are saying "ah darn it expires" is truly frightening

It’s also completely unsurprising: it’s very easy to grow a small PAT-based tool into a large PAT-based system, Apps is a significant overhead for a small too, and the migration path is not simple.

And things get a lot worse when trying to create automation for your company, as your now need to involve the organisation owners / admins in order for them to set up and configure the GHA via a fun game of Simon Says.

[insanitybit]

Hopefully they deprecate PAT-classic so that people stop doing things the easy way with god-credentials.