Programming

18677 readers

116 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago

MODERATORS

snowe

Ategon

[email protected]

184

Copilot exposes private GitHub pages, some removed by Microsoft (arstechnica.com)

submitted 1 week ago by [email protected] to c/programming

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] -2 points 1 week ago (1 children)

Kind of a nothing burger.

These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set to private, often after the developers responsible realized they contained authentication credentials allowing unauthorized access or other types of confidential data. Even months later, however, the private pages remain available in their entirety through Copilot.

The repo was listed as public and archived. It's not clear from the article but I suspect that the "private" information is just a copy of what was made public and not the information added after it was made private.

[–] [email protected] 35 points 1 week ago (1 children)

When a code repository is shut down on github the expectation is that it's removed. We're all aware that the internet will never forget that API key you accidentally committed once but the expectation was always that it wouldn't be github itself doing the remembering and openly sharing it with others.

[–] [email protected] -1 points 1 week ago (1 children)

According to the article it was Bing and not GitHub.

[–] [email protected] 14 points 1 week ago (1 children)

"According to the article it was Microsoft and not Microsoft."

Do you see now how silly you sound?

[–] [email protected] 5 points 1 week ago (1 children)

From an ownership perspective, sure. But it’s still different from the implication that github is leaking currently private repositories.

[–] BehindTheBarrier 2 points 1 week ago

Github actually does that too, in some cases at least.

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github