contents:read to contents:write is a big deal! Just to pick out a random widely used project, nodejs [1] has a number of unsigned commits to the main branch. Their commits could have been tampered with during this timeframe.What about release artifacts?
[1]: https://github.com/nodejs/node/commits/main
njibhu|3 years ago
(also ability to do it with content:write is just speculation from my side, they don't make it clear if it is possible, that would need to be confirmed by github)