Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
x/vgo: security of requiring github token #24055
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
For the case of private repos, assuming they're in an organization, you could make a CI account that only has read permission to the repos.
Beyond that, sure, it would be great if GitHub supported read-only oauth scopes. If so, vgo would happily use that token (it doesn't check which scopes are associated with the token).
I'd love suggestions about what to do instead of the current github token but that seems to be the best github is offering right now. If you know of something different we can do, I'd be happy to listen.