this post was submitted on 13 Nov 2025
96 points (99.0% liked)

Opensource

4797 readers
84 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
96
Android syncthing repo gone and Developer profile gone private. (github.com)
submitted 2 months ago by cm0002@digipres.cafe to c/opensource@programming.dev
12 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] somewa@suppo.fi 4 points 2 months ago (1 children)

If he pushed something he shouldn't have online then taking it offline immediately makes a lot of sense.

[–] orygin@piefed.social 6 points 2 months ago* (last edited 2 months ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 2 months ago (1 children)
[–] somewa@suppo.fi 2 points 2 months ago* (last edited 2 months ago)

The point wasn't that it's not accessible but limiting the damage while you still can.