this post was submitted on 13 Nov 2025
90 points (98.9% liked)

Opensource

4308 readers
102 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
90
Android syncthing repo gone and Developer profile gone private. (github.com)
submitted 1 day ago by cm0002@digipres.cafe to c/opensource@programming.dev
12 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] somewa@suppo.fi 4 points 13 hours ago (1 children)

If he pushed something he shouldn't have online then taking it offline immediately makes a lot of sense.

[–] orygin@piefed.social 6 points 12 hours ago* (last edited 12 hours ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 12 hours ago (1 children)
[–] somewa@suppo.fi 2 points 4 hours ago* (last edited 4 hours ago)

The point wasn't that it's not accessible but limiting the damage while you still can.