If you look at GitHub's fine-grained token permissions then I can totally imagine someone looking at the 20-30 separate scopes and thinking "fuck this" while they back out and make a non-expiring classic token with access to everything.
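The "non-expiring classic token with access to everything" outcome is something a defender can at least detect after the fact. The following is an added example, not code from this thread or from GitHub: it reads two documented response headers, `X-OAuth-Scopes` (sent for classic PATs and OAuth tokens, listing the granted scopes) and `GitHub-Authentication-Token-Expiration` (sent when the token has an expiry), and flags tokens that are both broad and non-expiring. Treating the absence of `X-OAuth-Scopes` as "not a classic token", the choice of which scopes count as broad, and the sample header values are this example's own assumptions.

```python
"""Audit GitHub token hygiene from API response headers.

Added example for this thread, not code from the discussion or from GitHub.
It relies on two documented response headers: X-OAuth-Scopes (returned for
classic personal access tokens and OAuth tokens, listing the granted scopes)
and GitHub-Authentication-Token-Expiration (returned when the token has an
expiry). Treating a missing X-OAuth-Scopes header as "not a classic token"
and the BROAD_SCOPES list are this example's own assumptions.
"""
from __future__ import annotations

import urllib.request
from dataclasses import dataclass, field

# Classic scopes this example considers broad (its own judgment, not GitHub's).
BROAD_SCOPES = {
    "repo", "workflow", "delete_repo", "admin:org", "admin:org_hook",
    "admin:repo_hook", "admin:public_key", "admin:gpg_key", "write:packages", "user",
}


@dataclass
class TokenReport:
    kind: str                       # "classic" or "non-classic" (assumption, see module doc)
    scopes: list[str] = field(default_factory=list)
    broad_scopes: list[str] = field(default_factory=list)
    expires: bool = False
    findings: list[str] = field(default_factory=list)

    @property
    def risk(self) -> str:
        """'high' = broad scopes and no expiry, 'medium' = one of the two, 'low' = neither."""
        problems = int(bool(self.broad_scopes)) + int(not self.expires)
        return {2: "high", 1: "medium", 0: "low"}[problems]


def audit_headers(headers: dict[str, str]) -> TokenReport:
    """Classify a token from the headers of an authenticated API response."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    expires = bool(h.get("github-authentication-token-expiration", "").strip())
    if "x-oauth-scopes" in h:
        # Classic token: the header is a comma-separated scope list (may be empty).
        scopes = [s.strip() for s in h["x-oauth-scopes"].split(",") if s.strip()]
        report = TokenReport(kind="classic", scopes=scopes, expires=expires)
        report.broad_scopes = sorted(s for s in scopes if s in BROAD_SCOPES)
        if report.broad_scopes:
            report.findings.append("broad classic scopes: " + ", ".join(report.broad_scopes))
    else:
        report = TokenReport(kind="non-classic", expires=expires)
    if not expires:
        report.findings.append("token has no expiration date")
    return report


def fetch_headers(token: str) -> dict[str, str]:
    """Call the API with the token and return the response headers (needs network)."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": "Bearer " + token, "User-Agent": "token-audit-example"},
    )
    with urllib.request.urlopen(req) as resp:
        return dict(resp.headers.items())


# Constructed sample headers standing in for real responses (values are made up).
SAMPLES = {
    "classic_everything": {
        "X-OAuth-Scopes": "repo, workflow, admin:org, delete_repo, user",
    },
    "classic_narrow": {
        "X-OAuth-Scopes": "public_repo",
        "GitHub-Authentication-Token-Expiration": "2025-01-01 00:00:00 UTC",
    },
    "fine_grained": {
        "GitHub-Authentication-Token-Expiration": "2025-01-01 00:00:00 UTC",
    },
}


def audit_samples() -> dict[str, TokenReport]:
    """Run the audit over the constructed samples."""
    return {name: audit_headers(h) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, report in audit_samples().items():
        print(f"{name}: {report.kind}, risk={report.risk}, findings={report.findings}")
```

Run against `fetch_headers(token)` output instead of `SAMPLES` to check a real token; the "high" bucket (broad scopes plus no expiry) is exactly the token the comment above describes, and the check needs nothing more than one authenticated request.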
It's one of those things where a token creation wizard would come in really handy.
This has happened to me. Can't find the exact combination of scopes required for the job to be done so you end up with the "f this" scenario you mentioned. And it is a constant source of background worry.
Don't forget the also fun classic "what you want to do is not possible with scoped tokens so enjoy your PAT". I think we're now at year 3 of PATs being technically deprecated but still absolutely required in some use cases.
GitHub's fine-grained scopes aren't even that good, you still have to grant super broad permissions to do specific things, especially when it comes to orgs.
I agree, but that is the permissions boundary, not the LLM. Saying "ooh it's hard so things are fuzzy" just perpetuates the idea that you can create all-powerful API keys.
I've definitely done this, but it's in a class of "the problem is between the keyboard and chair" 'exploits' that shouldn't be pinned on a particular tech or company.
It's the same as Apple telling people they're holding their iPhone wrong, though. Do you want to train millions of people to understand your new permissions setup, or do you want to make it as easy as possible to create tokens with minimal permissions by default?
People will take the path of least resistance when it comes to UX so at some point the company has to take accountability for its own design.
Cloudflare are on the right track with their permissions UX simply by offering templates for common use cases.
No, GitHub is squarely to blame; the permission system is too detailed for most people to use, and there is no good explanation of what each permission means in practice.