Opensource

4326 readers

90 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev

Android syncthing repo gone and Developer profile gone private. (github.com)

submitted 2 days ago by cm0002@digipres.cafe to c/opensource@programming.dev

12 comments fedilink hide all child comments

top 12 comments

sorted by: hot top controversial new old

[–] somewa@suppo.fi 21 points 2 days ago (1 children)

Any ideas why this happened?

[–] iloveDigit@piefed.social 4 points 2 days ago (1 children)

Coding is "illegal" now, remember?

[–] somewa@suppo.fi 20 points 2 days ago (2 children)

A lot of guesses point to a repository reset: https://forum.syncthing.net/t/does-anyone-know-why-syncthing-fork-is-no-longer-available-on-github/25661

[–] Kissaki@programming.dev 7 points 2 days ago (2 children)

Looks like it's just random commenters taking random guesses because those have happened before.

What is a “repository reset”? One commenter writes:

There was a temporary similar “outage” back in July with rewritten history, apparently something inappropriate was recorded in the repo history they wanted cleaned out. The repo came back after that. I have no idea if this is the same thing, or if they just got tired of maintaining it.

Seems strange to me. You can prep locally and then force-push. I don't see why rewriting history would require taking the repository down.

[–] orygin@piefed.social 4 points 2 days ago (1 children)

Plus won't the forks on GitHub keep the history before the "reset"?
Afaik, forks on GitHub are basically the same underlying repository, just a branch associated with another user. They won't be able to really purge anything from these other branches.
Plus anyone who has a local copy of the repo or an automatic mirror somewhere else, will have the changes available.

[–] Kissaki@programming.dev 1 points 2 days ago

Yes, forks remain as they are. Yes, the fork network has a shared data repository on GitHub.

Consequently, rewritten history will break history compatibility, possibly requiring manual fixups on forks or work based on it.

[–] somewa@suppo.fi 4 points 2 days ago (1 children)

If he pushed something he shouldn't have online then taking it offline immediately makes a lot of sense.

[–] orygin@piefed.social 6 points 2 days ago* (last edited 2 days ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 2 days ago (1 children)

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

[–] somewa@suppo.fi 2 points 1 day ago* (last edited 1 day ago)

The point wasn't that it's not accessible but limiting the damage while you still can.

[–] iloveDigit@piefed.social 1 points 2 days ago

Oh.

[–] Wistful@discuss.tchncs.de 14 points 2 days ago

Oh shit. What do now.