← Back to context

Comment by stingraycharles

6 hours ago

Giving an app full scope to all repos in an org does not automatically imply that it would leak information from private repo A in comments on public repo B. That’s the issue being discussed here.

Like I said earlier, I can see both points of view, and I think the answer is more granular scoped permissions (eg on a per-workflow basis). Right now the permissions are crude.