“The implication here is that any code committed to a public repository may be accessible forever as long as there is at least one fork of that repository,” the report’s authors claim.

Am I dumb or is this exactly the purpose of forks? I feel like I’m missing something.

  • starshipwinepineapple
    4 months ago

    If you only ever keep your repository private AND it is not a fork of a public repo, then you are fine. Full stop.

    If you ever fork the repo and make an “INTERNAL” private fork but move the main project public, then anything you commit to the private fork will be discoverable through the public project.

    Basically you should assume if you make a repo public then the repo and all of its forks will be public -- even if the forks are “private” the commit data can be found through the main repo.