No, GitHub's source code wasn't hacked and posted on GitHub, says GitHub CEO

Nat Friedman says they'll make it harder to impersonate unsigned commits


GitHub's CEO has denied that the site's source code was posted to GitHub.

News of the supposed leak and posting came from a site called Resynth that linked to a Wayback Machine snapshot of a GitHub repo that purported to be the work of GitHub CEO Nat Friedman and was labelled "This is GitHub.com and GitHub Enterprise."

Resynth describes itself with the following tagline: "TypeScript developer; privacy advocate. Fighting until it's right." The post about the supposed leak is titled "What do Microsoft really think about open-source?" and did say the commit is a bit suss. It also recounted an argument that the software giant's ownership of GitHub means it should walk the talk and make the site's code open.

"Some users, such as Drew DeVault, suggest Microsoft is attempting to centralise open-source," the post said. "Through closed-source applications, and proprietary extensions to Git, GitHub is seen as a platform that tries to contain open-source. An example of this is when GitHub went offline for two hours, leaving thousands of open-source projects inaccessible and unusable."

Whatever the merits of that argument, Friedman said the repo is a fake-o.

On Hacker News, the CEO said: "GitHub hasn't been hacked.

"We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. As others have pointed out, much of GitHub is written in Ruby."

But Friedman also wears a little blame for the situation, stating: "Git makes it trivial to impersonate unsigned commits, so we recommend people sign their commits and look for the 'verified' label on GitHub to ensure that things are as they appear to be.

"As for repo impersonation – stay tuned, we are going to make it much more obvious when you're viewing an orphaned commit.

"In summary: everything is fine, situation normal, the lark is on the wing, the snail is on the thorn, and all's right with the world."

Just don't mention the pandemic, the election, the global recession, or the fact that Denmark is about to cull its national mink herd because it's feared a new coronavirus has crossed over from the furry creatures into humans. ®


Biting the hand that feeds IT © 1998–2020