Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
drran
on Nov 13, 2021
|
parent
|
context
|
favorite
| on:
Sign arbitrary data with your SSH keys
GitHub can alter the CODE. Why it should play with just a key? If GitHub wants to pwn the whole world, it can do it right now.
fortran77
on Nov 13, 2021
|
next
[–]
Well, github will already shut down repositories that contain words that they deem unacceptable. So they are doing it now...
https://news.ycombinator.com/item?id=9966118
judge2020
on Nov 13, 2021
|
parent
|
next
[–]
GH specifically going out of their way to falsify keys of a user would be a much bigger breach of trust than just shutting down repos. They know ssh-import-id-gh is a thing and people use it.
flir
on Nov 13, 2021
|
prev
[–]
Can't argue with that, except to say "because it's bad, lets make it worse" doesn't feel like a good rule of thumb.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
