by deceptionatd
939 days ago
This seems... deeply idiotic on GitHub's part. Consider the following scenario:

1. A script/CI/etc. is pulling the latest releases from the repository.
2. Ownership of the account is changed.
3. The new owner controls the contents of the repository, and can perform a supply chain attack.

I'm not sure GitHub would be liable there, but personally I wouldn't want to find out the hard way.