Hacker News
by dgtized 4611 days ago
I'm curious why they mention uploaded SSH keys. I presume they mean cases where SSH keypairs have been uploaded? The public key is public, and in fact anyone can use the GitHub API to pull the verified public keys for any user in the system, http://developer.github.com/v3/users/keys/. If there is code uploaded with private keys in it, then it's likely there are other security problems in the organization.
1 comment

Because CircleCI stores private keys for the sake of deploying to your servers when your build passes.

It's separate from your actual codebase having any private keys, which I agree would be a Really Bad Thing.