[fowl2]

Yeah wow! Even most "trusted" contributors shouldn't have this level of access. Is there really no way of scoping tokens with more granularity?

[cyberax]

Nope. The best we could do was to create a separate service that creates Docker tokens (using "docker login") and exposes a secure API.

Obviously, GitHub needs to just fix this nonsense. But I interviewed a couple of "senior" engineers from GitHub, and I have zero hope of that happening soon.