by mmaunder 1274 days ago
It lets WeChat see tokens that GitHub forwards to them. What they do with it is up to them, but the intent is that they mitigate the issue.

“GitHub will forward access tokens found in public repositories to Tencent WeChat, who will notify affected users.”


Why did you edit the full quote?

Here’s what I just copied from the blog post without modification:

> We have partnered with Tencent WeChat to scan for their tokens and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security.

It’s not just public repos, it’s private repos too.

A comment above says that for private repos only the repo owner will be notified, vs. sending the secret to the partner for public repos.

That is insane. They just leak data from your private repos to a hostile foreign govt agency. Unbelievable.

Edit: apparently they notify you for private repos, not Tencent. Still not thrilled.