Pissing off devs is bad, but yeah, my main thing is that securing a website and database is hard enough, but fairly easy to mitigate.
If an attacker could gain write access to a customer's private repositories though, I feel like that would make an otherwise unattractive service far more of a target.
You're dead on though -- I've wanted to use Github oAuth for at least five different dev-oriented projects, but their permission system just makes it impossible.
If an attacker could gain write access to a customer's private repositories though, I feel like that would make an otherwise unattractive service far more of a target.
You're dead on though -- I've wanted to use Github oAuth for at least five different dev-oriented projects, but their permission system just makes it impossible.