Not a big deal

Posted Mar 8, 2012 9:45 UTC (Thu) by job (guest, #670)
In reply to: Not a big deal by dlang
Parent article: Github compromised

You seem to think the only way to compromise hosted git trees is by manipulating the git tree from the file system. But what he would likely do is add himself to the Rails committers and do a legitimate commit. He needn't do it under his own name of course.

So, yes, this is a big deal. And it might not be such a good idea to trust a large unwieldy web application with your access keys. It might also not be such a good idea to write large web frameworks which by default give anyone write access to your database fields unless explicitly told otherwise.


Not a big deal

Posted Mar 9, 2012 18:55 UTC (Fri) by dlang (✭ supporter ✭, #313)

Unless you have multiple people pushing updates without much coordination with each other, it doesn't matter how the changes happen to the repo; the maintainer of that repo will be notified that it's not in the expected state the next time he tries to do a push to that repo.
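
The push behaviour described in the comment above can be reproduced locally. This is an added example, not part of either comment: it builds a throwaway bare repository (the names `hosted.git`, `maintainer` and `other`, and the branch name `main`, are constructed for the illustration) and reports whether the maintainer's next push is accepted or rejected, depending on whether the hosted branch changed in between.

```shell
#!/bin/sh
# Added illustration with constructed repositories; nothing here touches a real remote.

# Run git with a fixed identity so commits work on an unconfigured machine.
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# $1 = "yes" to change the hosted branch without the maintainer's knowledge.
# Prints "accepted" or "rejected" for the maintainer's next push.
maintainer_push_result() {
    work=$(mktemp -d) || return 1
    result=$(
        cd "$work" || exit 1
        g init -q --bare hosted.git || exit 1
        # Maintainer publishes the first commit on branch "main".
        g clone -q hosted.git maintainer 2>/dev/null || exit 1
        cd maintainer || exit 1
        g symbolic-ref HEAD refs/heads/main
        echo v1 > file
        g add file && g commit -q -m "initial" && g push -q origin main || exit 1
        if [ "$1" = yes ]; then
            # A second party pushes a commit the maintainer never fetches.
            g clone -q -b main ../hosted.git ../other || exit 1
            ( cd ../other && echo extra >> file &&
              g commit -q -am "unexpected change" &&
              g push -q origin main ) || exit 1
        fi
        # Maintainer commits on top of the last state they know and pushes.
        echo v2 >> file
        g commit -q -am "maintainer work" || exit 1
        # git refuses a push whose tip does not descend from the hosted tip
        # (a non-fast-forward update), which is the notification in question.
        if g push -q origin main 2>/dev/null; then
            echo accepted
        else
            echo rejected
        fi
    ) || { rm -rf "$work"; return 1; }
    rm -rf "$work"
    echo "$result"
}

echo "hosted branch changed:   $(maintainer_push_result yes)"
echo "hosted branch unchanged: $(maintainer_push_result no)"
```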

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds