Is there a plan to *stop* Travis requesting read / write access on travis-ci.com login?


#1

At the moment travis-ci.com have oauth scopes that require read / write access to all repos which is a risky thing to give to a third party.

travis-ci.org worked without this scope.

Is there a plan and timeline to remove this scope from travis-ci.com?


#2

Yes. We will be moving to integration via GitHub Apps, which provides more granular permissions. See https://blog.travis-ci.com/2018-09-27-deprecating-github-commit-status-api-for-github-apps-managed-repositories


#3

FYI, the “Set up your open source project now” button on https://travis-ci.com/plans leads people into this “risky” situation.

It seems like that link should direct to travis-ci.org until the open source permissions are fixed on travis-ci.com.


#4

This has nothing to do with open source. Open source is about software license and source code availability.


#5

To clarify…if you want to “set up your open source project now”, consider NOT clicking the “Set up your open source project now” button, because it takes you to travis-ci.com/signin which requests read/write permissions for ALL repos in your github account. Instead, consider going to sign up at travis-ci.org.


#6

Any updates on this? Travis-ci.com still requires GitHub “Third Party Access” with access to all my private repos to operate.