Nov 05, 2020 16:00:00

GitHub source code leaked on GitHub, published person disguised as 'CEO of GitHub'

The source code of the software development platform '

GitHub ' was leaked by a person who claims to be Nat Friedman, CEO of GitHub. With this leak as an opportunity, there is a growing opinion that 'GitHub, which was previously closed source, should be open source.'

GitHub Source Code Leak
https://resynth1943.net/articles/github-source-code-leak/

GitHub Source Code Leak | Hacker News
https://news.ycombinator.com/item?id=24994746

GitHub is now an integral part of the open source community, but the source code for GitHub itself is closed source and was never revealed in the release. However, on November 5, 2020, a situation occurred in which the source code was released on GitHub by a person who claims to be Mr. Friedman, CEO of GitHub. The person who published it commented, 'felt cute, might put gh source code on dmca repo now idk (I thought it was cute, so I'd like to publish the source code of GitHub to the DMCA repository, but what about?)' The source code is left as a web archive.

GitHub-github / dmca at 565ece486c7c1652754d7b6d2b5ed9cb4097f9d5
https://web.archive.org/web/20201104050026if_/https://github.com/github/dmca/tree/565ece486c7c1652754d7b6d2b5ed9cb4097f9d5

2021/11/04 postscript:
At the time of addition, I confirmed that it was excluded from the web archive.

First of all, regarding 'how to falsely publish Mr. Friedman to the DMCA repository', 'repository spoofing' which was originally a problem on GitHub was used. As a method, first fork the repository you want to impersonate and commit using the email address of the account you want to impersonate. After that, if you publish the forked repository on GitHub, you can apparently disguise the repository.

About 'Where is the outflow source of the source code' is, 'real', 'it had shipped by mistake to the customer in a few months before Mr. Friedman

GitHub Enterprise to be the source code of' assertions . GitHub Enterprise is an enterprise product that allows you to host GitHub yourself, and it was known that the source code was obfuscated but decipherable.

However, the leaked source code README file contained the description 'Source code for GitHub.com and GitHub Enterprise' and a description for GitHub employees. From this, there is an opinion that 'it is not just a decryption of the obfuscated code of GitHub Enterprise'.

In the wake of this leak, the social news site Hacker News has raised the opinion that 'GitHub should make its code open source.' However, on the other hand, making the project open source also creates 'responsibility for maintaining the code to the community', and GitHub also commented that it wants to avoid that responsibility. In addition, one of the reasons why Reddit moved to closed source in 2017 is that 'open source projects are difficult to develop without leaking plans' is also cited as a reason why GitHub does not move to open source. increase.

Engineer Resynth points out that GitHub relies on 'hidden security ' by concealing source code and is centralized in the open source community.

Related Posts:

Nov 05, 2020 16:00:00 in Software, Web Service, Posted by darkhorse_log