Review aria-at app GitHub permissions

[mfairchild365]

I think it would be good to review the ARIA-AT app GitHub permissions. For example, I don't think it needs to write access to my public repositories.

A screenshot of the requested permissions is attached.

• Read/Write access to my public repositories
• Read access to team discussions (why?)
• Read access to organizations and teams (why?)
• Read access to my email address (okay)

I'm very hesitant to allow these permissions until write access is removed.

[mfairchild365]

@s3ththompson @mcking65 want to get this on your radar

[sinabahram]

Just want to add a +1. I was surprised at it asking for access not only to my public ones, but then also blanket asking for private organizations as well, of course with explicit grant flows. This has significant implications, and I actually am super-hesitant to grant the permissions given sensitive data. I did, but now regret doing so, but it was the only way I thought to get access, so this makes one choose between privacy/sensible permissions and access.

I actually don't understand why it needs access to anything, as the messaging just talks about loggin in with GitHub, not giving this project access to one's entire GitHub.