@[email protected] to Open [email protected] • 4 months agoAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.comexternal-linkmessage-square41fedilinkarrow-up1236arrow-down111cross-posted to: programming[email protected]hackingprogramming[email protected]programmingcybersecurityhackernewsnetsec
arrow-up1225arrow-down1external-linkAnyone can Access Deleted and Private Repository Data on GitHubtrufflesecurity.com@[email protected] to Open [email protected] • 4 months agomessage-square41fedilinkcross-posted to: programming[email protected]hackingprogramming[email protected]programmingcybersecurityhackernewsnetsec
minus-square@[email protected]linkfedilink8•4 months ago After reviewing the documentation, it’s clear as day that GitHub designed repositories to work like this. Sounds like they wanted to find a problem but it turned out to be a feature.
minus-squareShadowlinkfedilink9•4 months agoYeah, pretty much everyone agrees that once something goes to git it lasts forever. The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
minus-squareEager EaglelinkfedilinkEnglish1•4 months agoa problem that is documented is obviously a feature
Sounds like they wanted to find a problem but it turned out to be a feature.
Yeah, pretty much everyone agrees that once something goes to git it lasts forever.
The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
a problem that is documented is obviously a feature