this post was submitted on 13 Nov 2025
96 points (99.0% liked)

Opensource

4347 readers
254 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
96
Android syncthing repo gone and Developer profile gone private. (github.com)
submitted 1 week ago by cm0002@digipres.cafe to c/opensource@programming.dev
12 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] orygin@piefed.social 6 points 6 days ago* (last edited 6 days ago) (1 children)

It makes sense, but once it's pushed there is no way to know if it's been cloned or kept somewhere else. The only real mitigation is to rotate the keys or password that was leaked.
If it's something else you can't rotate, you're screwed.

[–] onlinepersona@programming.dev 5 points 6 days ago (1 children)
[–] somewa@suppo.fi 2 points 6 days ago* (last edited 6 days ago)

The point wasn't that it's not accessible but limiting the damage while you still can.