Thursday, 10 January 2013

Why does windows Azure need to '0wn' my GitHub Account?

While creating an Azure website (part of TeamMentor CI) I tried to connect Azure with GitHub and got this request:

Which is completely unacceptable, since there are a lot of data and repositories in my GitHub account that I don't want to give Azure full access to.

Here is another example of why security is hard (and a TAX) since it is much more expensive and hard to create a solution that only shares the right amount of risk (in this case Azure should only have pull access to the repositories want it to)