Y
Hacker News
new
|
ask
|
show
|
jobs
by
laurensr
1264 days ago
So users can add other users' SSH keys (sourced from GitLab, ....) to their GitHub profile, essentially depriving the actual key owner from using GitHub
1 comments
basilgohar
1264 days ago
But then that opens them up to having their victim commit code to their repos directly, as well.
link
yencabulator
1263 days ago
Not a big deal for an attacker to create a dummy account.
link