Hacker News

Why not use your knowledge of these exposed secrets for good? You know which repo they're coming from, it'd be super simple to let the owner know rather than potentially costing them time and money.

It also seems as though the only use of this site is to capitalise on other people's mistakes? It looks like you're just handing over leaked data to people who will definitely abuse it, which seems to go against your core business of preventing data leaks?



Would it be considered spamming to pull the email address of the commits and send them an automated email?


Well, you don't need to send an email necessarily, a GitHub issue with a guide on how to include sensitive data in a public repo would probably suffice.


I suspect it would be easy to secure GitHub's cooperation in this, but almost certainly not for money or via a black box.


Would it be against the GitHub terms of service to do such an email?


I agree with what you wrote. My two cents are: seems that getting attention goes against being nice to others, such a shame living in such a society.


Yet if people don't know the risk exists, they'll continue being ignorant and fucking up. Awareness is a good thing.


This isn't awareness though. This is like telling a specific set of people about all the houses nearby that have their front door key under the mat. You only become aware of the issue when it is too late.



