Well, GitHub does need some more fine-grained permissions.
Another stupid thing I found is about GH organization access.
If the org didn't have the Third-party application access policy set to restricted, THERE WAS NO OPTION TO NOT GIVE PERMISSIONS TO A TOKEN.
As in, I HAD to give permission for repos in the org I was in if I wanted to give the app permissions for my personal repos.
Only after enabling that option in the org was I given an option to not proliferate permissions to the org I'm in. I happened to have admin access, so I just enabled that option, but if someone didn't, it would be really easy for some user to give too many permissions by accident...
It really feels like those permissions should be at the per-repo level. An app should never need to have access to all of them; even if it asks for all, there should be an option to give limited access.