this post was submitted on 28 Mar 2025
2225 points (99.2% liked)

Technology

[–] [email protected] 3 points 4 days ago (6 children)

I think that's bad (for my personal use) because if I accidentally commit a secret key, how do I claw it back? Basically, how would I claw anything back if it's on a blockchain aka on thousands/millions of computers already (you can't).

[–] [email protected] 11 points 4 days ago (2 children)

If you push a secret key you should definitely generate a new one. Way too many bots out there that scan new commits for exactly that reason.

[–] [email protected] 2 points 4 days ago

Yeah please just rotate the secret if that happens. Doesn't matter what platform it is, this is true of GitHub as well. Secrets that are accidentally published are no longer secret.

[–] [email protected] 1 points 4 days ago

Yeah it's not an insurmountable problem but it has happened to me where I push some commits and I realize "oh lemme remove this code because it leaks a little info about me personally" etc.

[–] [email protected] 5 points 4 days ago* (last edited 4 days ago)

Obviously you go and change the key instead?

[–] WhyJiffie 3 points 3 days ago

that's already a concern. what if someone just cloned your repo? there's also plenty of people that mirror public repos to their personal forgejo server. forgejo makes it very easy.

the only solution to mitigate such a mistake is to
1) invalidate the token
2) remove the commit

In that order.

[–] [email protected] 2 points 3 days ago

You can make commits on your system without pushing them to the remote server, and that’s the default behavior.
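Added example (not written by any commenter in this thread): because commits stay local until they are pushed, the outgoing diff can be checked for secret-like strings before it reaches a remote that bots and mirrors read. The Python code below scans `git diff` output and reports added lines only; the rule patterns, the `scan_diff` name and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules (assumptions for this example, not a complete rule set).
RULES = [
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("hardcoded-credential", re.compile(
        r"(?i)\b\w*(secret|token|api_?key|passw(or)?d)\w*\s*[:=]\s*['\"]?[^\s'\"]{12,}")),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed, trimmed `git diff` output; the token and key are placeholders.
SAMPLE_DIFF = '''\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,3 +1,4 @@
 DEBUG = False
-API_URL = "http://localhost"
+API_URL = "https://api.example.org"
+API_TOKEN = "constructed-token-0123456789abcdef"
 TIMEOUT = 30
diff --git a/deploy/id_demo b/deploy/id_demo
--- /dev/null
+++ b/deploy/id_demo
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+(constructed placeholder, not key material)
'''


def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each added line matching a rule."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False                      # next file: its headers follow
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif (m := HUNK.match(raw)):
            in_hunk, line_no = True, int(m.group(1))
        elif in_hunk and raw.startswith("+"):    # added line: the only kind scanned
            findings += [(path, line_no, n) for n, rx in RULES if rx.search(raw[1:])]
            line_no += 1
        elif in_hunk and not raw.startswith(("-", "\\")):
            line_no += 1                         # context line advances the new file
    return findings
```

In a pre-push hook, the input would be the output of `git diff <remote_sha> <local_sha>` for each ref being pushed, with the push aborted when the returned list is non-empty. A clean result does not replace rotating a key that has already been pushed.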

[–] [email protected] 3 points 4 days ago

I did not mean decentralized hosting of the projects (e.g. your project will be on all instances).

I meant decentralized account usage (e.g. you can use your example.com forgejo account to create an issue on otherexample.org)... Just like Lemmy... I could use my reddthat.com lemmy account to create a post on your instance lemmy.world without having to register there.

[–] zarkanian 3 points 4 days ago

You are correct in principle, but Lemmy isn't on a blockchain. It's much less permanent.