
A forced push could introduce a vulnerability into code in a years-old commit that is hard to detect. I guess it will look dodgy when your next push is rejected.


It would not at all be "hard to detect": the SHAs of it and all subsequent commits would change, it would appear in the GitHub audit log, etc.


Honestly should be pretty easy to just compare remote to someone's recent local copy and just spot check any new commits. Definitely a time sink, though.


Yeah, it's not the hardest thing to check for; the real problem is that you have to check and you have to know what you're seeing.

Someone who misses the memo on this one, isn't so good at git, and/or is on a smaller project could really be bad news.
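The comparison the thread describes (remote against a recent local copy), as an added example that is not part of any comment above: it checks whether the branch tip the clone last saw is still an ancestor of what the remote serves now. The function name `check_rewrite` and its return codes are assumptions made for this sketch, and it only detects a rewrite if the clone last fetched before the forced push.

```shell
#!/bin/sh
# check_rewrite REPO REMOTE BRANCH   (hypothetical helper, added example)
# REPO is a trusted local clone that last fetched before any suspected rewrite.
# Returns 0 if the remote branch only moved forward (new commits are listed
# for spot checking), 1 if the old tip is no longer reachable from the new
# tip (history was rewritten), 2 if the refs could not be read or fetched.
check_rewrite() {
    repo=$1; remote=$2; branch=$3

    # Tip of the branch as this clone last saw it, recorded before fetching.
    old=$(git -C "$repo" rev-parse --verify -q "refs/remotes/$remote/$branch") || return 2

    # Fetch the branch; FETCH_HEAD then names what the remote serves now.
    git -C "$repo" fetch -q "$remote" "$branch" || return 2
    new=$(git -C "$repo" rev-parse --verify -q FETCH_HEAD) || return 2

    if git -C "$repo" merge-base --is-ancestor "$old" "$new"; then
        # Ordinary fast-forward: print the commits added since the last fetch.
        git -C "$repo" log --oneline "$old..$new"
        return 0
    fi

    # The old tip is not in the new history, so the branch was rewritten.
    # '<' marks commits that were dropped, '>' the commits that replaced them.
    echo "REWRITE: $old is not an ancestor of $new" >&2
    git -C "$repo" log --oneline --left-right "$old...$new" >&2
    return 1
}
```

A return of 1 says that history changed, not why; the `<` and `>` commit lists are where the spot check mentioned above starts.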



