This is a news story, published by The Register, that relates primarily to GitHub news.
For more software applications news, you can click here:
more software applications newsFor more news from The Register, you can click here:
more news from The RegisterOtherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about
repository forks. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest CFOR vulnerability news, deleted forks news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!
repository forkThe Register
•79% Informative
Researchers at Truffle Security have found that data from deleted GitHub repos isn't necessarily deleted.
They say it's a security risk when one repository fork can access sensitive data from another fork (including data from private and deleted forks) GitHub says it's an intention design decision and is working as expected as noted in its Vulnerability Disclosure Program .
But the Microsoft -owned code-hosting giant considers it a feature, not a bug.
Even if you delete the parent, the commit still lives on, you can download it through the child even though it was pushed to the parent.
Truffle Security argues that GitHub should reconsider its position because the average user expects there to be a distinction between public and private repos in terms of data security.
A GitHub spokesperson said the company is "committed to investigating reported security issues".
VR Score
73
Informative language
68
Neutral language
60
Article tone
informal
Language
English
Language complexity
55
Offensive language
not offensive
Hate speech
not hateful
Attention-grabbing headline
not detected
Known propaganda techniques
not detected
Time-value
medium-lived
External references
12
Source diversity
7
Affiliate links
no affiliate links