Opensource

4308 readers

118 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev

Android syncthing repo gone and Developer profile gone private. (github.com)

submitted 1 day ago by cm0002@digipres.cafe to c/opensource@programming.dev

12 comments fedilink hide all child comments

top 12 comments

sorted by: hot top controversial new old

[–] somewa@suppo.fi 19 points 1 day ago (1 children)

Any ideas why this happened?

[–] iloveDigit@piefed.social 4 points 1 day ago (1 children)

Coding is "illegal" now, remember?

[–] somewa@suppo.fi 20 points 23 hours ago (2 children)

A lot of guesses point to a repository reset: https://forum.syncthing.net/t/does-anyone-know-why-syncthing-fork-is-no-longer-available-on-github/25661

[–] Kissaki@programming.dev 5 points 14 hours ago (2 children)

Looks like it's just random commenters taking random guesses because those have happened before.

What is a “repository reset”? One commenter writes:

There was a temporary similar “outage” back in July with rewritten history, apparently something inappropriate was recorded in the repo history they wanted cleaned out. The repo came back after that. I have no idea if this is the same thing, or if they just got tired of maintaining it.

Seems strange to me. You can prep locally and then force-push. I don't see why rewriting history would require taking the repository down.

[–] orygin@piefed.social 4 points 9 hours ago (1 children)

Plus won't the forks on GitHub keep the history before the "reset"?
Afaik, forks on GitHub are basically the same underlying repository, just a branch associated with another user. They won't be able to really purge anything from these other branches.
Plus anyone who has a local copy of the repo or an automatic mirror somewhere else, will have the changes available.

[–] Kissaki@programming.dev 1 points 9 hours ago

Yes, forks remain as they are. Yes, the fork network has a shared data repository on GitHub.

Consequently, rewritten history will break history compatibility, possibly requiring manual fixups on forks or work based on it.

[–] somewa@suppo.fi 4 points 11 hours ago (1 children)

If he pushed something he shouldn't have online then taking it offline immediately makes a lot of sense.

[–] orygin@piefed.social 6 points 9 hours ago* (last edited 9 hours ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 9 hours ago (1 children)

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

[–] somewa@suppo.fi 2 points 1 hour ago* (last edited 1 hour ago)

The point wasn't that it's not accessible but limiting the damage while you still can.

[–] iloveDigit@piefed.social 1 points 23 hours ago

Oh.

[–] Wistful@discuss.tchncs.de 14 points 1 day ago

Oh shit. What do now.