At least they updated the key within a few days? Still, that's pretty embarrassing to post their private key in a public repo
GitHub is a humungous liability for the whole internet. Every project needs to now consider alternatives.
reply
Gitea is nice, open source and self-hostable (especially if you already have a VPS for your project). It's also possible to mirror or backup Github/Gitlab repos. AFAIK Gitea is working on a federation feature, so you could browse all federated repos (improves discoverability) and commit with a single sign-on.
Codeberg.org is a public registration Gitea instance (also offers a similar service to Github Pages for static websites). HackLiberty.org also operates a Gitea instance.
Otherwise there is a bounty for an implementation of Git on Nostr: https://bountsr.org/nostr-based-github/ Some projects here: https://makers.bolt.fun/project/git-nostr and https://makers.bolt.fun/project/nostrya
reply
I want to switch from gitolite to soft-serve in the near future. Do you have any experience with it?
reply
122 sats \ 1 reply \ @ek 24 Mar 2023
This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.
They only said when they discovered the leak. Not when the leak started.
reply
That is a great clarification!
reply