This shouldn't be a problem for apps using the "GitHub Apps" system, only the older oauth method I think? That's still a large portion of applications though, probably the majority. A restricted list sounds fine to me, we don't add many and I'm not sure we're actually using any aside from Travis so it shouldn't add much friction.

I'd say go for it, it sounds sensible and if it gets painful we can reassess.

alright, I enabled it just now. Let me know if this causes problems anywhere.

also @BlueHatbRit I just made you an owner of the org as well (it seemed silly to me that you weren't). So all of us should be able to turn the restrictions off again if need be.

Thanks for turning that on and thanks for the owner permissions, I never had any idea what permissions I had anyway haha.

Just as a heads up to anyone interested, I think the next bigger chunk of work I'm going to try and push through will be to re-write the main daemon tests and get them using a newer and maintained library. The one we're using at the moment is deprecated and has some security alerts against it. If anyone has any suggestions for what might be a good one to move to for statsd specifically, give me a shout.