科技回声

6 条评论

This highlights why it's so important that any secret that gets committed must be rotated. Simply removing it from the git history isn't enough, because it can still linger, it's just harder to find.

评论 #39485191 未加载

评论 #39485805 未加载

评论 #39484143 未加载

semiquaver大约 1 年前

You don’t even need the pushes API to see commits that were force pushed away. You can get the head of any branch at a given time using `gitrevisions` [1] syntax any place that you would normally put a branch or commit.e.g to see the state of the cpython main branch on January 1 we can ask for `main@{2024-01-01}`:<a href="https://github.com/python/cpython/tree/main@{2024-01-01}">https://github.com/python/cpython/tree/main@{2024-01-01}</a>This does not walk the commit history, but instead the server-side reflog, so it’s immune to force pushing and can only be avoided by GC of the reflog or repo. Definitely contact GH support if you pushed something you shouldn’t have.[1] <a href="https://git-scm.com/docs/gitrevisions" rel="nofollow">https://git-scm.com/docs/gitrevisions</a>

评论 #39488679 未加载

Okx大约 1 年前

If you've inadvertently committed, say, copyrighted material to GitHub, and want to fully erase it, is there a way? Other than contacting GitHub as this article mentions.Even if you contact them, GitHub says[1] that they will not remove "non-sensitive data", but makes no reference to copyrighted material.[1] <a href="https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository#fully-removing-the-data-from-github" rel="nofollow">https://docs.github.com/en/authentication/keeping-your-accou...</a>

评论 #39486577 未加载

评论 #39489915 未加载

评论 #39486041 未加载

funyug大约 1 年前

Is this an issue with git or github only? If this is an issue with github only, i won't use it anymore for personal projects

评论 #39485600 未加载

评论 #39485345 未加载

评论 #39488379 未加载

silverwind大约 1 年前

These commits can be deleted via `git gc`. Which part if GitHub's "architecture" prevents them from running that?

or113大约 1 年前

someone knows if tools like truffle hog scans these?

6 条评论

Sohcahtoa82大约 1 年前

评论 #39485191 未加载

评论 #39485805 未加载

评论 #39484143 未加载

semiquaver大约 1 年前

评论 #39488679 未加载

Okx大约 1 年前

评论 #39486577 未加载

评论 #39489915 未加载

评论 #39486041 未加载

funyug大约 1 年前

Is this an issue with git or github only? If this is an issue with github only, i won't use it anymore for personal projects

评论 #39485600 未加载

评论 #39485345 未加载

评论 #39488379 未加载

silverwind大约 1 年前

These commits can be deleted via `git gc`. Which part if GitHub's "architecture" prevents them from running that?

or113大约 1 年前

someone knows if tools like truffle hog scans these?

Hidden GitHub commits and how to reveal them

6 条评论

Hidden GitHub commits and how to reveal them

6 条评论