Hacker News new | past | comments | ask | show | jobs | submit login

Wait... so after years of multiple security researchers including me privately and publicly demoing this issue, it took us virally trolling you with it before you would finally acknowledge it is an issue and try to fix? Why does it always come to this.

By the way the serious design flaw where GitHub forges signatures on merge commits I told you about when you joined as CEO... Still not fixed.

The fact a commit can be shown as "verified" in the interface when I didn't sign it with my Yubikey is totally broken.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: