Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What prevents them from having the code locally?


Same nothing that prevents a person from copying it onto a USB stick before they leave.

However, that's not GitHub's problem. GitHub is "told" (by removing the person's access from the repo) that they shouldn't have access to the repository or its code. It is within GitHub's ability to remove access to their fork and remove it.


> What prevents them from having the code locally?

Likely lack of initial intent and effort.

Just like having firewalls and the most recent security updates doesn't mean that you are inpenetrable. After all, the most common attack vector is the good old phishing email tactics and other ways of social engineering someone anyway. However, it doesn't mean that you shouldn't have a firewall (or other ways of defending your server) or that you should neglect timely security updates.

There are layers to this. Sure, someone who had an intent to do it from the start could've cloned the repo locally ahead of time. But for a lot of people it could be a crime of opportunity. Or it could also be that their account with access to the fork on github gets compromised later and a malicious third party got access to it.

My point is, having this restriction on forks won't prevent a determined attacker from getting it preserved locally ahead of time, you are correct. But it will prevent a lot of other unwanted scenarios that could result from not having the current restriction on forks of repos that went private.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: