"Act on your behalf" permission is unreasonably alarming #751
Comments
@JeremyRand thank you for letting us know! I'll work on clarifying it in the docs and maybe talk to GH staff through developer channels. We try to minimize the amount of permissions required. Cirrus requires write access only to "Commit statuses" and "Checks" for reporting back build statuses, "Content references" (only for cirrus-ci.com domain).
Updating the installation guide in #757
I don't even use Cirrus, but this is now one of the top results in Google for
These discussion links are broken :/ I guess everybody is welcome to vote for it.
@akostadinov thank you for linking the discussion! Just upvoted!
Trying to log in to Cirrus yields a GitHub prompt asking me to grant Cirrus permission to "Act on your behalf", which is horrifyingly alarming. DuckDuckGoing for this phrase yielded a few GitHub Support Community threads in which the GitHub staff claim that this doesn't mean what anyone fluent in English would infer it to mean (i.e. it supposedly doesn't actually mean that Cirrus gains the ability to do arbitrary things on GitHub as me), but also claim that the wording is "not considered a bug" (your guess is as good as mine why they think deliberately confusing people is a feature and not a bug).
Alas, since GitHub has no intention of fixing this, it would be useful to investigate other options to avoid this warning. As of 2020 Aug 20, GitHub staff claimed that this antifeature only affects GitHub App authentication and that OAuth is unaffected. I have no clue if this is accurate, but seems worth looking into. At the very least, explaining on your website what the prompt actually means would be a mild improvement.
(Sorry to bother you with what is apparently a problem on GitHub's end, but alas it's probably scaring away more of your users than just me, so seems like something you should be aware of even though it's probably not your fault.)