The problem is people are still confusing two issues.
1 - The mass assignment rails issue was resolved as soon as could be after it was reported
2 - The public key form update vuln was NOT reported and used, NOT to attack github but to make some point to the Rails team.
The second issue was the one github had been talking about in the original blog post. They handled it as soon as it was discovered.
In so far as they responded as quickly as possible, yes they had it in hand.
1 - The mass assignment rails issue was resolved as soon as could be after it was reported 2 - The public key form update vuln was NOT reported and used, NOT to attack github but to make some point to the Rails team.
The second issue was the one github had been talking about in the original blog post. They handled it as soon as it was discovered.
In so far as they responded as quickly as possible, yes they had it in hand.