It seems like the appropriate thing to do would be to inform anyone who had tokens created during the affected time period, so they could assess if any of the permissions led to undesired changes. Instead of GitHub saying “we don’t have hard proof of anything bad happening” and waiting 3 months, just give the customer the time of relevant token creations.
The email listed the apps that issued tokens in the specified time window. If your notification email listed 0 apps, it means no apps created tokens during the time window in question (I got 1 app listed). I only missed that those tokens had a 1h lifetime.