|
|
|
|
|
|
by remram
2048 days ago
|
|
|
You need to guess both to use them, but you only need to guess the secret to get it revoked. GitHub does not check that the corresponding access key is somewhere in the repo too before taking action. You are right about this being impractical though. |
|
|