Comment on Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft.

• holdstrong@lemm.ee ⁨4⁩ ⁨weeks⁩ ago

  If you push a secret key you should definitely generate a new one. Way to many bots out there that scan new commits for exactly that reason

  source

  • LemonBreezes@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc

    source
  • tehfishman@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.

    source
• fallingcats@discuss.tchncs.de ⁨4⁩ ⁨weeks⁩ ago

  Obviously you go and change the key?

  source
• WhyJiffie@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

  that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.

  the only solution to mitigate such a mistake is to
  1) invalidate the token
  2) remove the commit

  In that order.

  source
• lemmydividebyzero@reddthat.com ⁨4⁩ ⁨weeks⁩ ago

  I did not mean decentralized hosting of the projects (e.g. your project will be on all instances).

  I meant decentralized account usage (e.g. you can use your example.com forgejo account to create an issue on otherexample.org)… Just like Lemmy… I could use my reddthat.com lemmy account to create a post on your instance lemmy.world without having to register there.

  source
• zarkanian@sh.itjust.works ⁨4⁩ ⁨weeks⁩ ago

  You are correct in principle, but Lemmy isn’t on a blockchain. It’s much less permanent.

  source
• JuxtaposedJaguar@lemmy.ml ⁨4⁩ ⁨weeks⁩ ago

  You can make commits on your system without pushing them to the remote server, and that’s the default behavior.

  source