Why does the GitHub integration require such broad permissions?

Just trying to get started with travis-ci and I stalled out when I arrived at “sign up with GitHub”. Here’s my concern:

On this page the docs say the permissions required are:

  • Read access to code
  • Read access to metadata and pull requests
  • Read and write access to administration, checks, commit statuses, and deployments

all of which are perfectly reasonable. However, when I get to GitHub I see something very different. According to the app authorization page, travis-ci wants to read and write all public and private repository data, including code, issues, pull requests, wikis, and so on. In addition, it wants access to all the organizations I belong to. This makes me more than a little nervous. Is there some way to sign up with tighter permissions?

It looks like this has been previously noted and the workaround is to use the .org sign-in instead.

However, it still wants access to all my organizations… not sure why that is.

That’s to grant you access to your organizations’ projects on Travis’ site.

OK, is there some way to not grant that permission?

AFAICS, no, and that’s GitHub’s limitation.