
Curious why they would need to keep the GitHub integration down for a while longer. Are they afraid someone could still grab credentials?


GitHub is not allowing them to turn it back on yet (source: multiple people on both sides)


GitHub should insist on it being converted to a GitHub App before they allow it to be re-enabled.

That way org admins can see the requested permissions and control exactly which repos are permitted. GitHub OAuth apps are an absolute nightmare to audit or control.


They were using a legacy GitHub integration. Maybe it's inherently unsafe and they need to rewrite things using the new API.


Audit?



