communism@lemmy.ml to Open Source@lemmy.ml · 4 months agoAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.comexternal-linkmessage-square38fedilinkarrow-up1210arrow-down18cross-posted to: technology@lemmy.world
arrow-up1202arrow-down1external-linkAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.comcommunism@lemmy.ml to Open Source@lemmy.ml · 4 months agomessage-square38fedilinkcross-posted to: technology@lemmy.world
minus-squarenao@sh.itjust.workslinkfedilinkarrow-up12arrow-down4·4 months ago After reviewing the documentation, it’s clear as day that GitHub designed repositories to work like this. Sounds like they wanted to find a problem but it turned out to be a feature.
minus-squareShadow@lemmy.calinkfedilinkarrow-up12arrow-down3·4 months agoYeah, pretty much everyone agrees that once something goes to git it lasts forever. The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
Sounds like they wanted to find a problem but it turned out to be a feature.
Yeah, pretty much everyone agrees that once something goes to git it lasts forever.
The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦