Promiscuous permissions asked when connecting to Bitbucket
Issue #366
new
As a new user I have a hard time believing you need all these permissions to ALL my repositories and teams. Is it Bitbucket that does not support fine grained permission grants or is it Versioneye that requests more than is needed? See the attached image for my experience.
Comments (2)
-
-
reporter Thanks for the reply. I do believe you are not up to anything evil. But if possible it would be good to trim the scope down. I can think of more than one organisation where VersionEye would be a non starter because of these permissions.
The minimum permissions should be something like listing repos and then get read access to the repos I choose to add to a VersionEye project. Plus access to pull requests if you report CI status on those.
- Log in to comment
Hi @perwiklander. Might be that Bitbucket offers more scopes now then 3 years ago :) However VersionEye is completely open source. You find the code here: https://github.com/versioneye and can verify that we don't do anything shady. We do not even fork or copy your code. VersionEye is just looking for supported files which it can parse and monitor. Files like Gemfile, package.json and so on.