Sounds like a UX nightmare and a huge pain. I'm glad that privacy maximalists don't design user interfaces...
Wow, this comment sounds a lot more dickish than it was intended to. What I mean is, secure design would be that the app can't even see repos that it isn't authorized for, which means the user has to go through some back channel privacy settings page to authorize it every time they set up a new repo.
I don't want to have to specifically authorize x y and z repos every time I touch the app, and I seriously doubt anyone else does either.
Actually we do design UI, every day. And there are plenty of ways to do this in a comfortable fashion without authorizing read access to the contents of every repository. You could for example, show a list of all repos and when you click to edit one for the first time ask for permissions once for that repository - hardly a UX nightmare?
You probably don't want some random, just-released / potentially buggy application touching all your repos. Wouldn't you want to test it on a throwaway repository first to see if you actually want to use the app / does the app work properly, and then authorize it only for the repos you want.
Wow, this comment sounds a lot more dickish than it was intended to. What I mean is, secure design would be that the app can't even see repos that it isn't authorized for, which means the user has to go through some back channel privacy settings page to authorize it every time they set up a new repo.
I don't want to have to specifically authorize x y and z repos every time I touch the app, and I seriously doubt anyone else does either.