communism@lemmy.ml to Open Source@lemmy.ml · 3 months agoAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.comexternal-linkmessage-square41fedilinkarrow-up1230arrow-down111cross-posted to: technology@lemmy.worldcybersecurity@sh.itjust.works
arrow-up1219arrow-down1external-linkAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.comcommunism@lemmy.ml to Open Source@lemmy.ml · 3 months agomessage-square41fedilinkcross-posted to: technology@lemmy.worldcybersecurity@sh.itjust.works
minus-squarenao@sh.itjust.workslinkfedilinkarrow-up12arrow-down4·3 months ago After reviewing the documentation, it’s clear as day that GitHub designed repositories to work like this. Sounds like they wanted to find a problem but it turned out to be a feature.
minus-squareShadow@lemmy.calinkfedilinkarrow-up12arrow-down3·3 months agoYeah, pretty much everyone agrees that once something goes to git it lasts forever. The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up1·3 months agoa problem that is documented is obviously a feature
Sounds like they wanted to find a problem but it turned out to be a feature.
Yeah, pretty much everyone agrees that once something goes to git it lasts forever.
The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
a problem that is documented is obviously a feature