Since guys in rails issues ingored me and my issue I got spare time to test
it on the first website i had in mind. github.
That was pretty funny. Firstly, I could write post from 1234 year or 4321.
Then, I could make a post pretending i am DHH. That was funny too.
Then I could wipe any post in any project. That wasn't that funny but pretty
dangereous. It got more curious.
Today I can pull/commit/push in any repository on github. Jack pot.
Hence my implicit assertion that this is broader than commit access (via public
keys) and has nothing to do with cryptography/public keys itself.
To be fair, in the first sentence of the github blog post, mojombo goes on to
more precisely state "a security vulnerability in the public key update form",
but it appears that this may not be the full extent of things. For an example
of the other vulnerabilities homakov mentioned in his blog post, see [2] where
the contents of an issue was changed.
To be fair, in the first sentence of the github blog post, mojombo goes on to more precisely state "a security vulnerability in the public key update form", but it appears that this may not be the full extent of things. For an example of the other vulnerabilities homakov mentioned in his blog post, see [2] where the contents of an issue was changed.
[2] https://github.com/blog/1068-public-key-security-vulnerabili...
(Edited for formatting.)