by aleem
4049 days ago
Beware, granting access to this app (or others like it) will mean it will have access to everything including your private repos' source code. This is pretty bad. If you are going to use this to access your company/startup repo, you should probably get approval from your lead or manager before installing it.

Unfortunately, GitHub, for all its security efforts, still does not offer token permissions to be limited to "Issues" only. It's all or nothing when it comes to repos. GitHub's own native client/app doesn't have issue tracking either. This means there are lots of people installing these kinds of apps for issue tracking and inevitably the security is as good as the weakest link in this chain. I wish someone at GitHub could remedy this.

IssuePost http://issuepostapp.com/ is a similar app. However, the developer has revoked the app for similar reasons.

> Issuepost is unavailable at the moment. Unfortunately, GitHub's OAuth API authorizes access to the entirety of users' private repos, and does not allow you to only request access to read/write issues. As a result, I have decided to pull the app from the App Store until I can find a better way to make the app more secure.

I can only conclude they're holding it back deliberately, since it seems both a glaring omission and a simple fix. GitHub, prove me wrong.