Is there a plan to *stop* Travis requesting read / write access on travis-ci.com login?

#1

At the moment travis-ci.com have oauth scopes that require read / write access to all repos which is a risky thing to give to a third party.

travis-ci.org worked without this scope.

Is there a plan and timeline to remove this scope from travis-ci.com?

1 Like
Travis-ci.com privacy concerns
#2

Yes. We will be moving to integration via GitHub Apps, which provides more granular permissions. See https://blog.travis-ci.com/2018-09-27-deprecating-github-commit-status-api-for-github-apps-managed-repositories

#3

FYI, the “Set up your open source project now” button on https://travis-ci.com/plans leads people into this “risky” situation.

It seems like that link should direct to travis-ci.org until the open source permissions are fixed on travis-ci.com.

#4

This has nothing to do with open source. Open source is about software license and source code availability.

#5

To clarify…if you want to “set up your open source project now”, consider NOT clicking the “Set up your open source project now” button, because it takes you to travis-ci.com/signin which requests read/write permissions for ALL repos in your github account. Instead, consider going to sign up at travis-ci.org.

1 Like
#6

Any updates on this? Travis-ci.com still requires GitHub “Third Party Access” with access to all my private repos to operate.

1 Like
#7

Polite bump for an update here. The sign-in permissions should not need write access. This is not very clear on sign-in, and some users are granting this write permission without understanding what they’re doing.

1 Like