We do not want you to read our private projects

#1

When signing up as a new Lifter. Tidelift requests for authorization to read our private projects.

We do not share our private projects, we are only lifting our open source projects.

This should be fixed!

#2

Hi Ronmarti18,

Thanks for bringing this up! Once you’ve authorized Tidelift, you can configure the access of the Tidelift application from this page: https://github.com/settings/installations. You can select which repositories you specifically would like Tidelift to access.

That said, this is not immediately apparent and we will look into ways to improve the communication here.

Best,
Jeff Stern

#3

Yeah sure, but what will happen between the time that I allowed it and the time that I modified it? I am still not gonna authorize Tidelift.

This is a security issue and can only be solved on Tidelift’s side and not from us, the OSS developers.

#4

We just looked into this further. This permission actually does not provide Tidelift with access to your Github repositories. Private Projects are another means in Github for grouping your repositories, similar to Organizations and Teams. We request this access so that we can read the list of Organizations, Teams, and Projects so that you can then decide which of those you want to connect with Tidelift. Again, though, this permission never at any point gives us access to your private Github repositories. Very sorry for the initial confusion!