top | item 41985124

(no title)

xeraa | 1 year ago

No need to spread rumours: It was a configuration error. GitHub support is helping with restoring everything, since the fork network, stars,... are otherwise all off.

And if you leak credentials, you'd just have to rotate them. Taking the repo offline would probably be too late anyway and causes a major mess, so not something I could recommend for popular repos

[I work for Elastic]

discuss

ajb|1 year ago

It would be a "rumour" if I had stated that it was the truth. If it's not the right explanation then fine, but I see no need for defensiveness. I mentioned that possibility not to criticise elastic, but because it's a security property of GitHub that very much violates the principle of least surprise and that I suspect of causing a security problem for at least one of my previous employers. Well worth spreading awareness IMO.

xeraa|1 year ago

A: "I'm betting..." B: "Could be, or maybe..." — once you reach E it's probably a statement. That sounds almost like the definition of how to start a rumor...

Since we don't maintain private forks for the Elasticsearch repository (maybe for someone's short lived feature development), the problem of private or deleted forks shouldn't be an issue here.