
> Even doing that as a prank would cause a Big Red Button security audit at some companies. As in, drop what you're doing, we need to go over every line of every commit in the git repo and verify nothing like a server password was committed. Recommendation #1 from that audit will be to stop using github.

We know that the two scenarios (ssh key injection as a prank and what happened here as a prank) are equivalent.

If a company reacts like that in your scenario but doesn't do the same after what really happened, they're doing something very wrong.



