Why are you asking for so many permissions on GitHub? #3
Comments
|
Hello @StevenTCramer, Thank you for raising an issue. I acknowledge that requiring admin permission for "Repository webhooks and services" is an oversight on my part. I apologize for the inconvenience and will address this in the next release. As for requesting access to private repositories, it is an intended behavior. This allows users to communicate with the code in their private repositories using the AskTheCode plugin. I want to assure you that AskTheCode does not collect or store the contents of the files, neither in any storage nor in logs. The AskTheCode plugin acts purely as a proxy to download the content and send it to ChatGPT for processing. I apologize for the delay in my response. I wanted the Issues feature to be implemented enough to be able to reply.
|
|
A lot of those permissions seem to be unnecessary. Anything else than 'Code' should not be interesting for the plugin. In addition, why does it need write permissions?
|
|
I think including issues is okay -- there could be relevant info in issues. But not: Deploy keys or Collaboration invites. Also, granting write access seems unnecessarily dangerous. I'd like to remove that too. |
|
As far as I understand, it only downloads the code and sends it to ChatGPT, so reading issues seems pointless as of now. |
|
Hello everyone, Thank you for your feedback and concerns regarding the permissions requested by the AskTheCode plugin. The primary goal is to allow users to query both public and private repositories. Currently, the OAuth app (not the GitHub App) is used to authenticate users. Due to GitHub's current OAuth permission model, to access private repositories, I need to request the For more details on GitHub OAuth scopes, you can refer to the official documentation. |
|
That's a quite sad limitation. Thanks for clarifying! |
The text was updated successfully, but these errors were encountered: