by hakre
1107 days ago
This is a great baseline, but it is often easier said than done. For example, those repositories contain a lot of privately identifiable information; it is not that easy to get such a baseline ready for that _"should be treated as if they could be exposed to the world at any time any way."_ Depending on jurisdiction, this can affect sensitive information that requires much stronger controls in place when you (rightfully!) expect the repository to become public despite it being a private one.

This seems to miss my point - I have no idea why PII is in a code repo.