undefined | Better HN

0 pointseru2mo ago0 comments

> What if GitHub’s token scanning service went down.

If it's a secret gist, you only exposed the attacker's key to github, but not to the wider public?

0 comments

They mean it went down as in stopped working, had some outage; so you've tried to use it as a token revocation service, but it doesn't work (or not as quickly as you expect).

eruOP2mo ago

Sure, that's a valid worry. Though that's not all that different from a special purpose public token revocation service: they can also go down.

OJFord2mo ago

True, just more to rely on with the scanning too I suppose.

j / k navigate · click thread line to collapse

0 pointseru2mo ago0 comments

> What if GitHub’s token scanning service went down.

If it's a secret gist, you only exposed the attacker's key to github, but not to the wider public?

0 comments

OJFord2mo ago

They mean it went down as in stopped working, had some outage; so you've tried to use it as a token revocation service, but it doesn't work (or not as quickly as you expect).

eruOP2mo ago

Sure, that's a valid worry. Though that's not all that different from a special purpose public token revocation service: they can also go down.

OJFord2mo ago

True, just more to rely on with the scanning too I suppose.

j / k navigate · click thread line to collapse