by schemescape
884 days ago
> I really don't like this aspect of GitHub that people who have submitted a typo fix gain additional privileges on the repo by default.

What privileges do they gain? Anything other than the one you mentioned? This was definitely not obvious to me, so thanks for bringing it up!
NONE, CONTRIBUTOR, COLLABORATOR, MEMBER, OWNER
There are some cases where people use checks for that as part of gating for workflows that run on pull_request_target/issue_comment, but might confuse contributor and collaborator (which requires explicitly adding someone to the repository). Ultimately this is a misconfiguration on the part of the maintainer, but another example where fixing a typo can play a part in an attack.
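
An added example, not part of the thread: a small audit script a maintainer could run over workflow files to catch the CONTRIBUTOR/COLLABORATOR mix-up described above. The sample workflows, the `audit_workflow` name and the line-based matching are assumptions made for illustration.

```python
import re

# Associations that require an explicit grant on the repository or organisation.
# Everything else on the list above (NONE, CONTRIBUTOR) is treated as untrusted.
TRUSTED = {"COLLABORATOR", "MEMBER", "OWNER"}
RISKY_TRIGGERS = ("pull_request_target", "issue_comment")

def audit_workflow(text):
    """Return [(line_number, reason)] for weak author_association gates.

    Line-based text heuristic (assumption: each gate sits on one line).
    """
    if not any(re.search(rf"\b{t}\b", text) for t in RISKY_TRIGGERS):
        return []  # the gate is not guarding one of the privileged triggers
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if "author_association" not in line:
            continue
        if re.search(r"author_association\s*!=", line):
            findings.append((number, "deny-list check admits every value it does not name"))
            continue
        untrusted = set(re.findall(r"['\"]([A-Z_]+)['\"]", line)) - TRUSTED
        if untrusted:
            findings.append((number, "gate accepts " + ", ".join(sorted(untrusted))))
    return findings

# Constructed sample workflows, not taken from any real repository.
HEADER = "on:\n  issue_comment:\n    types: [created]\njobs:\n  preview:\n"
WEAK = HEADER + (
    "    if: github.event.comment.author_association == 'CONTRIBUTOR'"
    " || github.event.comment.author_association == 'OWNER'\n"
)
FIXED = HEADER + (
    "    if: contains(fromJSON('[\"COLLABORATOR\",\"MEMBER\",\"OWNER\"]'),"
    " github.event.comment.author_association)\n"
)
DENYLIST = HEADER + "    if: github.event.comment.author_association != 'NONE'\n"

if __name__ == "__main__":
    for name, workflow in (("WEAK", WEAK), ("FIXED", FIXED), ("DENYLIST", DENYLIST)):
        print(name, audit_workflow(workflow))
```

The allow-list form in `FIXED` is the safer shape: any association value it does not name is rejected rather than admitted.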