
GitHub incidents spawns Rails security debate

Posted Mar 8, 2012 10:34 UTC (Thu) by hawk (subscriber, #3195)
In reply to: GitHub incidents spawns Rails security debate by jzbiciak
Parent article: GitHub incidents spawns Rails security debate

If you take a GitHub perspective:
It's absolutely a good thing that the vulnerability in GitHub was fixed.
However, it seems very aggressive to only give GitHub two days (assuming it was even the same problem he had contacted them about) before starting to mess with their service to prove his point.

To me that seems like probably the single biggest problem with this stunt; it wasn't directly aimed at Rails alone but at a third party using Rails.



GitHub incidents spawns Rails security debate

Posted Mar 9, 2012 17:27 UTC (Fri) by n8willis (subscriber, #43041)

Based on his comments in the various issues, it seems to me that GitHub was only the "target" because it happened to be where Rails master was hosted (and, of course, demonstrated the vulnerability). It seems like if Rails had self-hosted, Homakov would have demonstrated the problem there instead.

But enough mind-reading for one day.
Nate

