On Sep 2, 2015 2:43 AM, "Stephan Beal" <sgb...@googlemail.com> wrote:
>
> Management summary:
>
> the bug was that the MSVC integration tool checked in to a public repo instead of a private one. The developer did something seriously... errr.... stupid which was amplified by that bug...
>
> -----
>
> Within around ten minutes after publishing his code, he received a notification from Amazon Web Services telling him his account had been compromised. He had (somewhat foolishly) included an AWS access key in the code that he had committed to GitHub.
>
> That lesson applies to fossil as well: do not check in sensitive data.

Right, it was not a git flaw. Still, I get irrationally pleased when I read
bad press for git or its cronies. I do feel bad for the guy, though.

I think another thing to take away is the utility in managing your own
repo. I appreciate not everyone can afford it, but it really doesn't cost
much. Project aggregation sites (GitHub & SourceForge & anything on the
list at
https://en.m.wikipedia.org/wiki/Comparison_of_source_code_hosting_facilities
really) give bad guys one-stop shopping for a lot of code. Self-hosted
repositories are arguably safer. Especially projects no one has ever heard
of! ;)

Perhaps the first time in history someone was sad that git didn't lose
data. #zing

>
>
> On Wed, Sep 2, 2015 at 10:39 AM, Stephan Beal <sgb...@googlemail.com> wrote:
>>
>> On Wed, Sep 2, 2015 at 8:34 AM, Scott Robison <sc...@casaderobison.com> wrote:
>>>
>>> Not really a flaw with git, but this jumped out at me tonight: http://www.theregister.co.uk/2015/09/01/github_bug_costs_man_thousands/
>>
>>
>> Be careful to take anything The Register says with a big, fat grain of salt. i've seen so much bad/wrong "news" (or editorials sold as news) via them that i won't even knowingly click on links to them anymore :/.
>>
>> YMMV, of course.

Interesting, thanks for the info. It is not a site I frequent, but I do see
links there from time to time (as should be obvious).