Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The problem with all these permissions ideas: VSCode in most cases is expected to be able to push to a git repo. Many developers these days use it over the CLI for pushes and pulls.

So if it has a "minimal" set of access, it has access to a Github key. That's enough.. to do this sort of damage.



Indeed, we must ensure to scope our GH keys per repo then.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: