Opensource

4308 readers

136 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev

Android syncthing repo gone and Developer profile gone private. (github.com)

submitted 22 hours ago by cm0002@digipres.cafe to c/opensource@programming.dev

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] orygin@piefed.social 5 points 6 hours ago* (last edited 6 hours ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 6 hours ago

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github