gwillem | 9 years ago

GL sent me this statement. For the record, I didn't publish vulnerable systems, I published stores that have malware.

---

Willem,

GitLab has opted to remove the list of servers that you posted in your snippet. GitLab views the exposure of the vulnerable systems as egregious and will not abide it. While GitLab reserves the right to take further action, up to and including termination (https://about.gitlab.com/terms/), we have chosen not to terminate or lock your account.

Please know this decision was not reached lightly and we appreciate your understanding on the matter.

Regards, GitLab

GitLab Support Team GitLab, Inc.


HillRat|9 years ago

>For the record, I didn't publish vulnerable systems, I published stores that have malware.

This is a crucial point, because it shows GitLab is basically nonresponsive to the key issue; it's the difference between "Here's how to hack Giant Anchor Retailer" (unethical, possibly illegal) and "Giant Anchor Retailer has been hacked, estimated NNN cards may have been compromised" (of public interest, not illegal). In my case, I want to know if I used any of the retailers on the list!

For GitLab to call this "egregious" and that they "will not abide it" suggests that either GitLab is technically incompetent in security matters, or that they've received legal notices and decided that the shortest path to resolution is to throw their users under the nearest publicly-operated multiwheeled passenger conveyance. In either case, poor show, good reason to seriously consider moving off GH and GL.

zAy0LfpBZLC8mAC|9 years ago

And even if it were (a list of vulnerable systems, that is), why the fuck do they think that they should censor serious journalism? If you operate a public venue, then it is an important societal role of journalism to report on it if that public venue poses a risk to the public, whether that might also have negative consequences for the people operating it is completely irrelevant.

llukas|9 years ago

You mistook "free and accessible" for "public".

You may exercise freedom of speech but not on a server that belongs to a private company - it is their right to limit what kind of content they like.

But in essence you are right - companies should exist to benefit society, but it is not how it exactly works right now.

BoorishBears|9 years ago

I really hate this trend of journalism leaking into services like Github. We have secure ways to share files with high redundancy, why put a service like Github/Gitlab in the line of fire when their primary goal is to enable open collaboration, vs open information.

5h|9 years ago

Are they in the business of journalism?

Lots of people are saying "But the sites are already exploited" ... they are probably still exploitable further also, and GH/GL don't want to be at that party.

mattlondon|9 years ago

There is a right of free speech in many countries (I assume you are in one of them), but that right does not force anyone else to distribute or publish your speech.

Their servers, and their decision on what data is on them.

Want to make it available for everyone to read? Run your own server and host it there.

tl;dr - you have the right to say what you want, but you can't force anyone to listen.

austincheney|9 years ago

I am working on a partial solution to this kind of problem and plan to move from Alpha to Beta version later today.

https://github.com/prettydiff/biddle

This is not a CVS, so you would still need to run something like git locally on your own server, but the idea of self-hosted modules will solve for the censorship of central authorities.

Sidgup1|9 years ago

So? Gitlab doesn't owe you anything.

chappi42|9 years ago

Did you ask them for permission to publish a private communication? Probably not, bad of you! -

Github/-lab is for projects imho and not a publishing platform. Why don't you publish it on your blog or something? All power to Github/-lab, kick out such stuff!

runholm|9 years ago

They are both offering hosting of websites. They are absolutely a publishing platform.

fredfreddies|9 years ago

The linked article is his blog on gitlab.

ominous|9 years ago

Github/-lab is for files.