[nstj]

As an FYI you can recover from force pushes to GitHub using the GitHub UI[0] or their API[1]. And if you force push to one of your own machines you can use the reflog[2]. [0]: https://stackoverflow.com/a/78872853 [1]: https://stackoverflow.com/a/48110879 [2]: https://stackoverflow.com/a/24236065

[bombcar]

And as a double FYI this means a force push does not permanently delete sensitive data! Beware. Rotate that API key, even if it's a pain in the arse.

[nstj]

This is a lesser understood corollary of my comment :). Thanks for calling it out ;)

[globular-toast]

That goes for any time you send data to a third party or over a channel you don't control. Compromised is compromised. There is no going back.

I hate things like "email recall" in Outlook or deleting messages in Teams etc because it trains normies into thinking you can recover from a compromise.