Liked
a post on Twitter
Post details
To my knowledge the way to control per-repo permissions for a given OAuth integration at the moment is to create a dedicated user account - which is both highly non-obvious and presumably costs $48/user/year or more depending on your GitHub plan twitter.com/jpluscplusm/st…
Post details
One thing that I /try/ and convince my clients to do, that could have reduced this attack's severity, is to link 3rd parties into your #GitHub Org with per-party users and not individuals' accounts. This implies curating each 3rd-party's repo access via per-party Teams, which ... twitter.com/GitHubSecurity…
🇪🇺Jönathan💙Matthews🌈 (@JplusCplusM) Sat, 16 Apr 2022 07:21 +0000
Simon Willison (@simonw) Sat, 16 Apr 2022 12:38 +0000
This post was filed under likes.