Github - You Can View Deleted Private Fork Data
54,568
Published 2024-08-04
Article
trufflesecurity.com/blog/anyone-can-access-deleted…
All Comments (21)
-
While Git is really committed to keeping your stuff, GitHub seems to be even more committed!
-
That is probably why they have to delete forks of DMCAd content no matter how well those cleaned up their repositories. Otherwise, a fork can still access the illegal material.
-
Used hash to restore some lost, force pushed commits. Big commits. Saved my job.
-
Flip didn't delete the part he asked to, as usual
-
github as blockchain
-
Does that mean that JDSL was right all along?
-
Regarding GDPR: it only affects personally identifiable information (PII), however every git commit includes the author's and committer's name and email, which IS considered PII. So at the very least that information has to be returned. Additionally things like IPs are also considered PII (yeah I know about IP rotation, I did not make the laws), so if they log the IPs, which they probably do, then that will also have to be returned.
-
GitHub is the only git implementation that has actually sat down and completely relooked at how git works as a git server. As far as I can tell, they seem to have found a way to use like a SQL database as the back end. The people in chat saying that it's just one big repository aren't technically wrong in that kind of implementation, but it's also not the whole picture.
-
Thanks to that I was able to recover an open source project that went closed source. It's intended behavior that should absolutely say it's very very good
-
Didn't the US courts recently rule that AI companies are free to ignore the code licenses, at least for the purpose of training their LLMs?
-
"You have to know the message name, the exact date, the author name, etc to reproduce the SHA" you also need to know the content of the files to reproduce the SHA, at which point this "exploit" will not give you any more information. If you get the SHA by other means it can still be bad though.
-
The AI honey pot bit end of the video killed me 🤣🤣🤣
-
I think github probably uses the same directory to handle origin and all the forks, so all the commits live in the same directory and can be accessed even if the fork gets deleted.
-
This honeypot idea for LLMs is just hilarious 😂😂😂
-
I'm a little confused why this is a surprise. As someone who admined Perforce VCS repositories for years, I was well aware that delete, in most cases, was just another version of the file; an entry in the file's changes indicating the file didn't exist at that, and only at that, revision. (Which was good given how many newbies managed to delete entire working branches.) You could always get a copy of the file as it existed prior to that revision, and any place a pre-deleted revision was branched was still valid. That wasn't just a feature, it was a critical feature for our enterprise suite with lots of moving parts and backwards compatibility requirements.
-
John Hammond isn’t working on bringing back dinosaurs anymore?!?
-
The AI watching this video and learning about the honeypot idea at the end of the video be like 👀
-
GDPR: what about your commit mail and name? Those are explicitly person related information stored in the deleted repo. So shouldn't they still have to return this information in your GDPR data request as soon as commits are involved?
-
Massive lesson in RTFM
-
I don't modify fork, only copy it.