GitLab reinstates list of servers that have malware

What a lovely mea culpa. Straight to the point.<p>We thought another way, but here&#x27;s the counter argument, we agree, are sorry, and fixed.<p>Rare candor.

This is the proper decision here, but not merely for the reason they&#x27;ve given.<p>The best reason the list should be widely available: The exploit has already happened in this case, and disclosing it doesn&#x27;t help attackers do further harm; the harm is already done. Removing the list is closing the barn door after the horses are gone.

Just applied for a position at GitLab, absolutely love this company!<p>PS: you can do it too, they&#x27;re completely remote!<p><a href="https:&#x2F;&#x2F;about.gitlab.com&#x2F;2016&#x2F;03&#x2F;04&#x2F;remote-working-gitlab&#x2F;" rel="nofollow">https:&#x2F;&#x2F;about.gitlab.com&#x2F;2016&#x2F;03&#x2F;04&#x2F;remote-working-gitlab&#x2F;</a><p><a href="https:&#x2F;&#x2F;about.gitlab.com&#x2F;jobs&#x2F;" rel="nofollow">https:&#x2F;&#x2F;about.gitlab.com&#x2F;jobs&#x2F;</a>

I don&#x27;t get why anyone views this as a positive thing. The announcement effectively says &quot;We took it down because we didn&#x27;t think about it, but then we changed our mind.&quot; Okay---and a lively discussion on HN had nothing do with it, I presume.<p>GitLabb, you could have admitted publicly that you made a mistake, but you didn&#x27;t. Making excuses is a promise of repetition, so I read this as &quot;Next time something like this happens, we&#x27;re again going to delete the account, unless there is too much backlash on HN again.&quot; Sorry guys, but the damage is done and you missed your one chance to repair it.

Looks like GitLab is the new GitHub - open, human and doing the right thing. Great!

&gt; <i>At GitLab we strongly believe in responsible disclosure, ... So publishing a list of servers ... is not OK.</i><p>In my opinion, this comes very close to &quot;censoring&quot; content.<p>That&#x27;s great that GitLab believes in responsible disclosure, but that doesn&#x27;t mean that everyone does or that you get to force your beliefs on your users or customers.<p>If you do in fact plan to censor content then you need to be very clear about that up front and identify what types of content you will not permit.<p>I&#x27;m glad that GitLab has done a 180 and reinstated the content. In the future, I hope they will fully think through any decisions to pull down content that they don&#x27;t &quot;agree with&quot;. I do give them credit for recognizing they made a bad call and admitting to it.

GitLab&#x27;s customer service and reaction speed never ceases to amaze me. For anyone interested in constructing great customer relationships, I recommend using GitLab as a case study.

One of the few companies out there who give me hope. Switched all my projects to GitLab a while ago, never looked back.

Let&#x27;s be honest, the people that are reading the list on GitLab are highly unlikely to be end consumers purchasing at those stores. If anything, this list provides a potential target list for other hackers to try and compromise those stores even further. I believe this to be irresponsible and furthermore still a violation of responsible disclosure.

The article&#x27;s logic doesn&#x27;t make sense.<p>In <i>every</i> vulnerability, the users are the victims. Web stores aren&#x27;t a special case in the debate of &quot;responsible disclosure&quot; vs &quot;immediate disclosure&quot;.<p>GitLab changed their stance from &quot;responsible disclosure&quot; vs &quot;immediate disclosure&quot;. That&#x27;s their choice, but they shouldn&#x27;t mince words about it.

Is there a plugin that compares sites I visit to this list automatically?

Soooo, is there an extension that will prevent me from visiting sites from the list?

GitLab is a joke. They just copy what other do, but as soon there is a bit of bad publicity they immediately change their opinions just to please the community. GitLab has really become the communities&#x27; bitch. They copy paste everything they find and try to please everyone, but I don&#x27;t think this will get them very far. I am glad there&#x27;s so many other tech companies who try to do their own thing by being innovative.

GitLab is a (bad) copy and paste of GitHub, even the name is similar. I know maybe I will burn some karma point but I want to express my opinion cause I believe in the value of creating things, not to steal ideas. What if the list were put on GitLab first? Probably, without the GitHub example you would not remove it, even notice it.