|
|
|
|
|
|
by ZiiS
1181 days ago
|
|
|
if you run a MITM attack today the victim gets the warning in the blog post. Thier most likly action is to google the blog post and see it is expected and and so accept your fake key.
Having said that I dont see what choice Github had, they can't continue to use a leeked key. |
|
|
The problem here is that their first command that they advise using is the one that removes the old key and most users are just going to stop right there because it solves the problem of getting the key warning.
The right solution here is to provide a command that most users are going to copy and paste that deletes the old key and adds the new key all at once.