cm0002@digipres.cafe to Opensource@programming.dev · 19 hours ago
Android syncthing repo gone and Developer profile gone private. (github.com)
cross-posted to: [email protected]

orygin@piefed.social · edited 2 hours ago
It makes sense, but once it’s pushed there is no way to know if it’s been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked. If it’s something else you can’t rotate, you’re screwed.

onlinepersona@programming.dev · 2 hours ago
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github