{"id":16148,"date":"2012-03-06T10:10:17","date_gmt":"2012-03-06T08:10:17","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=16148"},"modified":"2012-03-06T10:10:17","modified_gmt":"2012-03-06T08:10:17","slug":"github-compromise-lessons-to-learn","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/","title":{"rendered":"GitHub compromise : lessons to learn"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/github.com\">GitHub<\/a> has been compromised. \u00a0That, by itself, is important enough &#8211; with millions of projects and developers using it. \u00a0But there is more to it. \u00a0Have a look at these links:<\/p>\n<ul>\n<li><a href=\"http:\/\/lwn.net\/Articles\/485162\/\">LWN report and discussion<\/a><\/li>\n<li>Original <a href=\"https:\/\/github.com\/blog\/1068-public-key-security-vulnerability-and-mitigation\">GitHub blog posting<\/a><\/li>\n<li>Follow-up <a href=\"https:\/\/github.com\/blog\/1069-responsible-disclosure-policy\">GitHub blog posting<\/a><\/li>\n<li>A nice <a href=\"http:\/\/chrisacky.posterous.com\/github-you-have-let-us-all-down\">overview of what actually happened<\/a><\/li>\n<li><a href=\"http:\/\/enlightsolutions.com\/articles\/whats-new-in-edge-scoped-mass-assignment-in-rails-3-1\">Description of the relevant Rails issue<\/a><\/li>\n<\/ul>\n<p>There is more coverage all over the web, but I&#8217;m sure you know how to find your way around. \u00a0Now, to the lessons that we can learn from what happened.<\/p>\n<ol>\n<li><strong>&#8220;Don&#8217;t panic<\/strong>&#8221; in big friendly letters,\u00a0courtesy of Hitchhiker&#8217;s Guide to the Galaxy. \u00a0It&#8217;s obvious something out of the ordinary happened in GitHub&#8217;s routine life. \u00a0While they regained the clarity of mind pretty fast, they were caught off-guard. 
\u00a0Don&#8217;t panic is the first rule of panic situations.<\/li>\n<li><strong>Pay attention!<\/strong> \u00a0Given the size and active lives of both GitHub and Rails, it&#8217;s difficult to pay attention to every little detail. \u00a0But you should always weigh the &#8220;large number of installations&#8221; or &#8220;large user base&#8221; considerations, even if the issue is with a documented feature. \u00a0We&#8217;ve seen examples of this again and again &#8211; every once in a while, something that was part of the original functionality is turned into an attack vector. \u00a0Your answer shouldn&#8217;t be the simple &#8220;check your code&#8221;.<\/li>\n<li><strong>Stay transparent.<\/strong> \u00a0As you can see from a few comments in the above links, the actual compromise is not the biggest deal. \u00a0People in general and software developers in particular are very much used to security issues in every piece of software. \u00a0It happens. \u00a0The bigger deal is, of course, how you handle it. \u00a0When you obviously have a problem, don&#8217;t try to hide it or misinform people who rely on you. \u00a0Say it loud and clear. \u00a0Or you <strong>will<\/strong> lose trust.<\/li>\n<li><strong>Mind the stack.<\/strong> \u00a0Today&#8217;s computing world is rather complex. \u00a0Most projects rely on third-party libraries, tools, and solutions. \u00a0And that&#8217;s a good thing. \u00a0But when you do that, don&#8217;t treat the third-party item as a black box. \u00a0That happens especially often in Open Source Software development. \u00a0It&#8217;s easy to trust something that is open. \u00a0It&#8217;s free, it&#8217;s open, it&#8217;s secure and reliable. \u00a0Not always the case. \u00a0And sometimes it is the case, but you need to read the documentation and think carefully. 
\u00a0As much as you are concerned about the security of your own code, there is no guarantee that the libraries, framework, or even the language compiler that you are using are secure. \u00a0Keep that in mind.<\/li>\n<\/ol>\n<p>With all that, what&#8217;s my attitude to GitHub now? \u00a0It&#8217;s still the same. \u00a0I love the service and I trust the company. \u00a0Everybody makes mistakes. \u00a0Not everybody learns from them. \u00a0When things like that happen, I&#8217;m always willing to give a second chance (and sometimes even the third). \u00a0Maybe I&#8217;m just hoping that when I screw up people won&#8217;t just turn away. \u00a0Maybe I&#8217;m just an optimist &#8211; who knows. \u00a0But GitHub still provides the service that I enjoy using. \u00a0No matter the compromise, I (or any of my projects) haven&#8217;t been affected. \u00a0And I think that GitHub will learn from this experience. \u00a0So I don&#8217;t see any reason to change my attitude.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>GitHub has been compromised. \u00a0That, by itself, is important enough &#8211; with millions of projects and developers using it. \u00a0But there is more to it. 
\u00a0Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">GitHub compromise : lessons to learn<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,62,1334],"tags":[2809,200],"keyring_services":[],"class_list":["post-16148","post","type-post","status-publish","format-standard","hentry","category-general","category-technology","category-web-work","tag-github","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"GitHub compromise : lessons to learn - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2012-03-06T08:10:17+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2012-03-06T08:10:17+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"GitHub compromise : lessons to learn - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#blogposting\",\"name\":\"GitHub compromise : lessons to learn - Leonid Mamchenkov\",\"headline\":\"GitHub compromise : lessons to learn\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#articleImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"},\"datePublished\":\"2012-03-06T10:10:17+02:00\",\"dateModified\":\"2012-03-06T10:10:17+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#webpage\"},\"articleSection\":\"All, Technology, Web work, GitHub, 
security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/web-work\\\/#listItem\",\"name\":\"Web work\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/web-work\\\/#listItem\",\"position\":3,\"name\":\"Web work\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/web-work\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#listItem\",\"name\":\"GitHub compromise : lessons to learn\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#listItem\",\"position\":4,\"name\":\"GitHub compromise : lessons to 
learn\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/web-work\\\/#listItem\",\"name\":\"Web work\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/\",\"name\":\"GitHub compromise : lessons to learn - Leonid Mamchenkov\",\"description\":\"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2012\\\/03\\\/06\\\/github-compromise-lessons-to-learn\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2012-03-06T10:10:17+02:00\",\"dateModified\":\"2012-03-06T10:10:17+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"GitHub compromise : lessons to learn - Leonid Mamchenkov","description":"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#blogposting","name":"GitHub compromise : lessons to learn - Leonid Mamchenkov","headline":"GitHub compromise : lessons to learn","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#articleImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"},"datePublished":"2012-03-06T10:10:17+02:00","dateModified":"2012-03-06T10:10:17+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#webpage"},"articleSection":"All, Technology, Web work, GitHub, 
security"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/#listItem","name":"Web work"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/#listItem","position":3,"name":"Web work","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#listItem","name":"GitHub compromise : lessons to learn"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#listItem","position":4,"name":"GitHub compromise : lessons to learn","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/#listItem","name":"Web work"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid 
Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/","name":"GitHub compromise : lessons to learn - Leonid Mamchenkov","description":"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2012-03-06T10:10:17+02:00","dateModified":"2012-03-06T10:10:17+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"GitHub compromise : lessons to learn - Leonid Mamchenkov","og:description":"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails","og:url":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2012-03-06T08:10:17+00:00","article:modified_time":"2012-03-06T08:10:17+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"GitHub compromise : lessons to learn - Leonid Mamchenkov","twitter:description":"GitHub has been compromised. That, by itself, is important enough - with millions of projects and developers using it. But there is more to it. 
Have a look at these links: LWN report and discussion Original GitHub blog posting Follow-up GitHub blog posting A nice overview of what actually happened Description of the relevant Rails","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"16148","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-19 08:46:33","updated":"2026-01-15 07:42:45","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a 
href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/\" title=\"Web work\">Web work<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tGitHub compromise : lessons to learn\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Web work","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/web-work\/"},{"label":"GitHub compromise : lessons to learn","link":"https:\/\/mamchenkov.net\/wordpress\/2012\/03\/06\/github-compromise-lessons-to-learn\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":18739,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/11\/02\/github-error-pages\/","url_meta":{"origin":16148,"position":0},"title":"GitHub error pages","author":"Leonid Mamchenkov","date":"November 2, 2013","format":false,"excerpt":"I've praised GitHub many a time in posts on this blog and in numerous conversations over a pint. \u00a0Today, I found yet another reason to do so - GitHub error pages. \u00a0We've all seen a parallax 404 by now, right? 
Today was the first time I looked into the source\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"github 404","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2013\/11\/github-404-500x313.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":28538,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/02\/code-quality-tools-in-php-to-check-and-improve-your-code\/","url_meta":{"origin":16148,"position":1},"title":"Code quality tools in PHP to check and improve your code","author":"Leonid Mamchenkov","date":"May 2, 2018","format":false,"excerpt":"\"Code quality tools in PHP to check and improve your code\" is a list of both some very well known tools and some new kids on the block.\u00a0 The article covers the following: PHP-CS-Fixer Documentation Github PHPCS Documentation Github PHPMD Documenation Official website PHPStan Github PHPUnit Documentation Github PHPLoc Github\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":22487,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/09\/03\/making-mysql-better-at-github\/","url_meta":{"origin":16148,"position":2},"title":"Making MySQL Better at GitHub","author":"Leonid Mamchenkov","date":"September 3, 2014","format":"link","excerpt":"Making MySQL Better at GitHub \u00a0 \u00a0","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"mysql improvements at 
GitHub","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2014\/09\/mysql-improvements-at-GitHub-500x240.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":27284,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/github-topics\/","url_meta":{"origin":16148,"position":3},"title":"GitHub Topics","author":"Leonid Mamchenkov","date":"February 1, 2017","format":false,"excerpt":"GitHub blog introduces Topics - a tagging\/labeling mechanism for GitHub repositories, which makes searching by technology, topic, etc so much better. This is a much welcome feature.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/02\/topics-500x263.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":29096,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/14\/devhub-tweetdeck-for-github\/","url_meta":{"origin":16148,"position":4},"title":"DevHub: TweetDeck for GitHub","author":"Leonid Mamchenkov","date":"December 14, 2018","format":false,"excerpt":"If you are spending a lot of time on GitHub, following people, teams, and projects, then checkout DevHub - a TweetDeck-like application for GitHub that works on Android, iOS, and as a web application. 
It conveniently brings together your repositories, notifications, and all the other goodies, helping you to significantly\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/devhub.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":25138,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/01\/27\/pull-request-guidelines-for-bitbucket-cloud\/","url_meta":{"origin":16148,"position":5},"title":"Pull request guidelines for Bitbucket Cloud","author":"Leonid Mamchenkov","date":"January 27, 2016","format":false,"excerpt":"Bitbucket is often viewed as second best compared\u00a0to GitHub. \u00a0And while I love GitHub dearly, I have to say that it's not true. \u00a0It's as good as GitHub. 
\u00a0Sure, it doesn't offer all GitHub features yet (Releases, for example), but it does offer a few features of its own, which\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"overview","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/01\/overview-500x281.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/16148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=16148"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/16148\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=16148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=16148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=16148"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=16148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}