It's not like you give access to your account to a third party, but to software you run yourself and can read the source code of. Therefore I don't see how this can be classified as anything more severe than Minor.

Let's consider the following...

Your company has a Jenkins installation using this plugin. This plugin requests access to ALL repositories, including your private repositories, not just your company's private repositories.

Do you really think that your company should have access to your private repositories?!

After reading the source code I think that the permissions were broadened to support the Github Committer Authorization Strategy. If this is the case, I think that only when using Github Committer Authorization Strategy the permissions should be broadened.

Of course, preferably, you should be able to tell the plugin what permissions you want to ask from your users, and the plugin should warn if any of its enabled features require more permissions...
