
> We have also completed an automated scan of all existing content on github.com to look for malicious content that might have been pushed to our site before this vulnerability was discovered

Did they find any problems? The post doesn't say...



We found 10 repositories which would have been blocked on push with the new restrictions. None of them were found to be malicious.


Do those 10 repos include private repos? What is GitHub's policy about scanning/inspecting private repos in cases like this?


Vicent Marti (from GitHub) states: "In case it's not obvious from the post: There are no malicious repos in @github and they can't be pushed anymore. Update your Git anyway."

https://twitter.com/vmg/status/545693913491984385


Which still doesn't say! That says there aren't any, but is silent on whether there were any. It's probably safe to assume that this is just clumsy wording and he meant to say that the scan found nothing, but it could also be a careful attempt at trying to sound like it says more than it really does.



