> Still, I get irrationally pleased when I read bad press for git or its 
> cronies.

I don't see anything there that precludes one from s/github/chisel/;
s/git/fossil/ and having this same thing happen. I think Stephen is
on-point that this is less about git (read: has nothing to do with
git) than the developer. Just a sad story, really.

-bch

On 9/2/15, Scott Robison <sc...@casaderobison.com> wrote:
> On Sep 2, 2015 2:43 AM, "Stephan Beal" <sgb...@googlemail.com> wrote:
>>
>> Management summary:
>>
>> the bug was that the MSVC integration tool checked in to a public repo
>> instead of a private one. The developer did something seriously... errr....
>> stupid which was amplified by that bug...
>>
>> -----
>>
>> Within around ten minutes after publishing his code, he received a
>> notification from Amazon Web Services telling him his account had been
>> compromised. He had (somewhat foolishly) included an AWS access key in the
>> code that he had committed to GitHub.
>>
>> That lesson applies to fossil as well: do not check in sensitive data.
>
> Right, it was not a git flaw. Still, I get irrationally pleased when I read
> bad press for git or its cronies. I do feel bad for the guy, though.
>
> I think another thing to take away is the utility in managing your own
> repo. I appreciate not everyone can afford it, but it really doesn't cost
> much. Project aggregation sites (GitHub & SourceForge & anything on the
> list at
> https://en.m.wikipedia.org/wiki/Comparison_of_source_code_hosting_facilities
> really) give bad guys one stop shopping for a lot of code. Self hosted
> repositories are arguably safer. Especially projects no one has ever heard
> of! ;)
>
> Perhaps the first time in history someone was sad that git didn't lose
> data. #zing
>
>>
>>
>> On Wed, Sep 2, 2015 at 10:39 AM, Stephan Beal <sgb...@googlemail.com> wrote:
>>>
>>> On Wed, Sep 2, 2015 at 8:34 AM, Scott Robison <sc...@casaderobison.com> wrote:
>>>>
>>>> Not really a flaw with git, but this jumped out at me tonight:
>>>> http://www.theregister.co.uk/2015/09/01/github_bug_costs_man_thousands/
>>>
>>>
>>> Be careful to take anything The Register says with a big, fat grain of
>>> salt. i've seen so much bad/wrong "news" (or editorials sold as news) via
>>> them that i won't even knowingly click on links to them anymore :/.
>>>
>>> YMMV, of course.
>
> Interesting, thanks for the info. It is not a site I frequent, but I do see
> links there from time to time (as should be obvious).
>
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
