upvote
I also find this frustrating. Every time I want to add an app to Github, it defaults to org wide. So far, I've managed to keep the reins on that, and nobody has made a mistake, but I am just waiting for the day someone adds something org-wide that shouldn't be.

Another rant(ish). You can request a PAT for, say, 30 days for a repo, and if you don't have access, it'll prompt an admin to approve that PAT. Okay, makes sense. But then you can refresh that same token without permission going forward.

reply
You give apps explicit access to repos (or the full org). If you chose full org, what do you expect?
reply
Giving an app full scope to all repos in an org does not automatically imply that it would leak information from private repo A in comments on public repo B. That’s the issue being discussed here.

Like I said earlier, I can see both points of view, and I think the answer is more granular scoped permissions (eg on a per-workflow basis). Right now the permissions are crude.

reply