Removing the source from github makes your plugin a security risk #468

Open
javajosh opened this issue Mar 24, 2023 · 0 comments

@javajosh

Describe the bug
You removed the source of your plugin from public view.
This allows you to inject supply chain vulnerabilities into countless developer IDEs.
It makes you a potential target for extortion by those who want to gain high-level access to a wide variety of systems.
I really like this plugin, but I will be forced to a) remove the plugin and b) use your old sources to build a new plugin that I can be assured is not undermined.

To Reproduce
Steps to reproduce the behavior:

  1. Go to GitHub.
  2. Click on https://github.com/zielu/GitToolBox
  3. Scroll down to read about removing the source code.
  4. Realize the potential for abuse

Expected behavior
Plugin source remains public.
Wiping your git history and taking the repo private is a warning sign.
