1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues

Issues

Issue #7525 closed

Bitbucket requests access to update Public and Private repos when linking a Github account (BB-8697)

Ed Preston
created an issue

I think there is an error in the permissions bitbucket requests when linking a github account. It wants access to update / modify / public and private repositories. Shouldn't this be a more secure subset of the permissions available ? This is a bit intrusive for just linking an account.

Comments (4)

  1. Zachary Davis staff

    Hi Ed,

    We require those permissions to enable us to copy over your ssh keys (if you ask us to), and to import your repos (both public and private, again only if you ask us to). We will NEVER update or modify your Github repositories. I'll file a request with the team to only ask for the permissions as we need them, but I imagine that's a non-trivial task.

  2. Ed Preston reporter

    Hey Tiger, thanks for getting back to me. The public ssh-zizzle keys are public, don't even need an account to pull them let alone perms. Importing the public repos themselves does not require modify access. +1 on what you are saying for the private repos. Looking at the API docs, it does not look like a big ask. Send me a link to the repo for the site and I'll submit a patch for review. (I need to deep dive on this anyway for a tool.)

  3. Log in to comment