Default GitHub scopes are invasive
nicorikken opened this issue · 6 comments
The default authorization of Ansible Galaxy for GitHub integration (which is mandatory) is quite invasive. I have not yet deployed my own role, but going from the documentation it seems that there is no actual use for write access.
Requesting such extensive scopes without a clear reason upsets security people, preventing them from publishing to Ansible Galaxy.
This issue directly originates from the remark in CISOfy/lynis-ansible#2.
I've run into this issue too. I don't mind giving Ansible Galaxy READ permissions to all public repos, but there's no reason for it to have write access.
The scopes are defined here. We ask for 'public_repo' so that you can follow and star repositories from within Galaxy.
@chouseknecht I understand that this was the only way for you to implement GitHub starring in Galaxy. I'd just like to emphasize that this clearly keeps me from publishing roles in Galaxy, because it is a major security hazard to give Ansible the ability to impersonate me on GitHub and possibly ruin my reputation publicly and globally. Not that I suspect Ansible of intending this, but what about when you get hacked or sold off to some fishy investor?
@leoarnold they've updated the scope to the one below, which seems acceptable to me:
@mmckinst This is what I get when I try to sign in to Galaxy at the time of this writing, and I'm really reluctant to grant "read and write all public repository data".
Weird. I just took a screenshot from https://github.com/settings/applications on my account, but I gave Galaxy permission for that stuff a long time ago. Back in August 2016 it was requesting more access when I tried to log in, which is how I found this bug, but at some point between then and now it stopped asking for all the extra perms when I logged in. Maybe there's a difference between new and old accounts? Hopefully someone from Ansible will address this.
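A least-privilege check of the kind this thread is asking for, written here as an added example (not code from Ansible Galaxy or from any commenter): it parses the scopes GitHub reports for a token, expands GitHub's scope hierarchy, and reports which granted scopes are write-capable and which are not needed for the actions an app actually performs. The scope facts (`public_repo` granting read and write on public repositories, starring needing `public_repo`, following needing `user:follow`) are GitHub's classic OAuth scope definitions; the action names and the sample header are this example's own.

```python
"""Audit GitHub classic OAuth scopes against what an app really needs.

GitHub reports the scopes a token carries in the X-OAuth-Scopes response
header (e.g. "public_repo, user:email").  The classic scope model has no
read-only repository scope: 'public_repo' grants read AND write on public
repositories, and 'repo' extends that to private ones.  Star/unstar needs
'public_repo' (or 'repo'); follow/unfollow needs 'user:follow' (or 'user').
"""

# Parent scope -> scopes it implies (subset of GitHub's documented hierarchy).
IMPLIED = {
    "repo": {"public_repo", "repo:status", "repo_deployment", "repo:invite"},
    "user": {"read:user", "user:email", "user:follow"},
}

# Scopes that let the app change state on the user's behalf.
WRITE_SCOPES = {"repo", "public_repo", "repo:status", "repo_deployment",
                "repo:invite", "user:follow"}

# Minimal scope each (hypothetical, example-defined) action needs.
# Reading public repository data needs no scope at all.
REQUIRED = {
    "read_public_repos": set(),
    "read_email": {"user:email"},
    "star_repo": {"public_repo"},
    "follow_user": {"user:follow"},
}


def parse_scopes(header):
    """Parse an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in header.split(",") if s.strip()}


def expand(scopes):
    """Close a scope set under the parent -> child hierarchy above."""
    out, stack = set(scopes), list(scopes)
    while stack:
        for child in IMPLIED.get(stack.pop(), ()):
            if child not in out:
                out.add(child)
                stack.append(child)
    return out


def audit(header, actions):
    """Return (write-capable scopes granted, granted scopes no action needs)."""
    granted = expand(parse_scopes(header))
    needed = set().union(*(REQUIRED[a] for a in actions))
    return granted & WRITE_SCOPES, granted - needed


if __name__ == "__main__":
    # Constructed header modelling the grant discussed in this thread.
    writes, excess = audit("public_repo, user:email", ["read_public_repos", "read_email"])
    print("write-capable:", sorted(writes), "unneeded:", sorted(excess))
```

Run against the grant from the thread, the audit shows that `public_repo` is both the only write-capable scope and unneeded unless starring is among the app's actions.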