[londons_explore]

In which case, yeah, thats a vulnerability. They shouldn't allow a short hash to match up against anything but public data.

[gus_massa]

It's common to use short hash in pull request, and then modify or rebase the commits.

The solutions are:

* Force people to use the full hash.

* Get use to a lot of dead links.

* Claim that it's a feature, not a bug.

[guipsp]

* Force people to use the full hash for commits pushed now on?

[Dylan16807]

* Check visibility at the time of posting.