by jgeewax 4425 days ago
Couldn't agree more... Do we really need to grant read and write access to all repos? Sucks if GH's scoping is that coarse.
4 comments

It definitely isn't that coarse: https://developer.github.com/v3/oauth/#scopes
GitHub are also working on enabling users to accept just a subset of the requested scopes, like just access to public repos, which will make using all of the more fine-grained scopes easier: https://developer.github.com/changes/2013-10-04-oauth-change...
No, it’s not; you can make an app that has access only to your public info, and/or public repos, etc.
Unfortunately Amazon is the only cloud provider out there with a robust ACL system.

Is there an open industry standard for implementing ACL policies flexibly like the one Amazon has?

http://en.wikipedia.org/wiki/XACML would be one - it can be a little complicated, but if you can get over that it's quite nice and also adds the idea of an Obligation (something that must be performed on a grant/deny - for example, logging/e-mailing).
I agree that breakdown should be more anonymized. Readme permission/gitignore/license/code should have different end permissions.