Comment on Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft.
LemonBreezes@lemmy.world 1 year agoI think that’s bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it’s on a blockchain aka on thousands/millions of computers already (you can’t).
that’s already a concern. what if someone just cloned your repo? there’s also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.
the only solution to mitigate such a mistake is to
1) invalidate the token
2) remove the commit
In that order.
If you push a secret key you should definitely generate a new one. Way to many bots out there that scan new commits for exactly that reason
Yeah it’s not an insurmountable problem but it has happened to me where I push some commits and I realize “oh lemme remove this code because it leaks a little info about me personally” etc
Yeah please just rotate the secret if that happens. Doesn’t matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.
I did not mean decentralized hosting of the projects (e.g. your project will be on all instances).
I meant decentralized account usage (e.g. you can use your example.com forgejo account to create an issue on otherexample.org)… Just like Lemmy… I could use my reddthat.com lemmy account to create a post on your instance lemmy.world without having to register there.
Obviously you go and change the key?
You are correct in principle, but Lemmy isn’t on a blockchain. It’s much less permanent.
JuxtaposedJaguar@lemmy.ml 1 year ago
You can make commits on your system without pushing them to the remote server, and that’s the default behavior.