Jonkman Microblog
  • Login
Show Navigation
  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Verius (verius@community.highlandarrow.com)'s status on Saturday, 10-Feb-2018 05:48:25 EST Verius Verius
    I find it hard to completely blame Github for this, but it's new to me that they allow username reuse: https://donatstudios.com/GithubsTotalSecurityFacepalm

    Combined with rather dumb package managers which treat Github as part of their security model that's gonna lead to security issues.

    I guess it just goes to show how bad it is to rely on just URL's. A proper system relies on some form of cryptographic signing instead to indicate that the author of an artifact is indeed the owner of the expected key.
    In conversation Saturday, 10-Feb-2018 05:48:25 EST from community.highlandarrow.com permalink

    Attachments

    1. Invalid filename.
      GitHub Shouldn't Allow Username Reuse
      from Donat Studios
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.