[qrobit]

Just a reminder that even if you managed to amend those commits and force-push, the commits would still exist and will be addressable given the hash is known.

[nikolay]

I am fully aware of that. Rewriting commits of code already pushed to production with container images, etc., is just crazy. And GitHub charges an arm and a leg for Advanced Security. And it ignored my pre-commit Git hooks, which include GitLeaks.

[mauzybwy]

Couldn’t you expire the reflog entry and prune the db to remove it entirely?

[Orygin]

Can't they be purged if they are dangling and the housekeeping is ran?

[password4321]

related: https://news.ycombinator.com/item?id=41060102 Anyone can access deleted and private repository data on GitHub

[ivanjermakov]

https://stackoverflow.com/a/47771133/8662097