219
Anyone can Access Deleted and Private Repository Data on GitHub
(trufflesecurity.com)
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
Sounds like they wanted to find a problem but it turned out to be a feature.
Yeah, pretty much everyone agrees that once something goes to git it lasts forever.
The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
a problem that is documented is obviously a feature