Excesive permission for PAT to pull image
Carlos Quintero
255
Reputation points
In the exercise:
https://github.com/skills/publish-packages/blob/main/.github/steps/4-pull-your-image.md
it is stated "that Before we can use this Docker image, you will need to generate a personal access token that contains the following permissions:"
...
write:packages
...
The permission write:packages is not needed to pull the Docker image. To follow the least privilege principle, that permission should be removed from the list.
This question is related to the following Learning Module
Sign in to answer