
Ambiguous docs around fork deletion can lead to confusion #34383

@ahpook


What article on docs.github.com is affected?

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#deleting-a-public-repository

What part(s) of the article would you like to see updated?

The text of the linked section on deleting a fork says only that "a fork" will be promoted to be the head of a fork network when the current upstream is deleted. This can lead to confusion about the expected behavior in this scenario. In fact, the current oldest fork will be promoted to the new upstream, and a simple change to the docs could eliminate that ambiguity and subsequent confusion.

Additional information

A security researcher was confused about this behavior and posted that when the head of a fork network is deleted, an arbitrary fork is promoted to be the head of the network, which could introduce a takeover attack if the fork thus promoted was owned by a bad actor. Clearly documenting that it's the oldest active fork rather than an arbitrary one would reduce the frightening possibility of a takeover.

https://x.com/trufflesec/status/1823069323348611345

Labels: content (this issue or pull request belongs to the Docs Content team), pull requests (content related to pull requests)
