We are using trello boards to list the tasks and their status. While working with an agency who has lent us developer, I proposed them to link branches to our trello tasks using Github powerup for trello.
To which they replied: "After such linking, Trello can see all our repositories from all projects."
I researched for a good answer or an explanation to provide them. I found that this powerup generates a request via access token which provides data in json to be used for later selection and attachment of branch or commit or issue or pull request
That response has the following data:
and lot more.
So what is a better explanation to provide them? Trello does store access_token of course^ and that allows trello to access all my git data anytime.
I would appreciate a legal explanation for this, or are they right? Does this powerup really leaks everything?
^1 : I verified it by opening trello in incognito, the power up was still there and had access
As @Iain Dooley mentioned about the access. Isn't it possible to restructure the plugin with a cookie only mode in which trello stores the access code in browser cookie with obfuscation and trello would not even have to store the access_code. Trello would only have to save obfuscation key which will be used to unlock the already present access_code in user's browser.
If you had to thrive a new habit during a lockdown, what would it be? Trello
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event