Android syncthing repo gone and Developer profile gone private. (github.com)
cm0002@digipres.cafe to Opensource@programming.dev · 2 months ago · cross-posted to: opensource@lemmy.ml
orygin@piefed.social · 2 months ago
It makes sense, but once it’s pushed there is no way to know if it’s been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked. If it’s something else you can’t rotate, you’re screwed.
onlinepersona@programming.dev · 2 months ago
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
somewa@suppo.fi · 2 months ago
The point wasn’t that it’s not accessible but limiting the damage while you still can.