• @visor841
    49
    2 months ago

    While this is still a massive problem, it does require a public fork at some point. So if you have a private repo that has never had a public fork, you should be safe.

    • Aatube
      11
      2 months ago

      (unforked repos that are forks are also affected.)

      • @[email protected]
        7
        2 months ago

        Yes, but only in very limited circumstances. If you:

        1. fork a private repo with commit A into another private repo
        2. add commit B in your fork
        3. someone makes the original repo public
        4. You add commit C to the still private fork

        then commits A and B are publicly visible, but commit C is not.

        Per the linked GitHub docs:

        If a public repository is made private, its public forks are split off into a new network.

        Modifying the above situation to start with a public repo:

        1. fork a public repository that has commit A
        2. make commit B in your fork
        3. You delete your fork

        Commit B remains visible.

        A version of this where step 3 is to take the fork private isn’t feasible because you can’t take a fork private - you have to duplicate the repo. And duplicated repos aren’t part of the same repository network in the way that forks are, so the same situation wouldn’t apply.

        • Aatube
          4
          2 months ago

          The second situation you listed is incredibly common, as the blog post explains.
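
The two scenarios walked through in the thread above, as an added example that is not part of any comment and is not GitHub's code: a toy model in which every repo in a fork network shares one commit store and a visibility change splits the network. The class and function names are hypothetical, and the rule that private forks split off when the upstream goes public is an assumption mirroring the docs sentence quoted in the thread.

```python
# Toy model (constructed for illustration) of a fork network as the thread describes it.
class Network:
    def __init__(self, commits=()):
        self.commits = set(commits)  # objects reachable through any repo in the network
        self.repos = set()

class Repo:
    def __init__(self, name, public, network=None):
        self.name, self.public = name, public
        self.network = network or Network()
        self.network.repos.add(self)

    def commit(self, sha):
        self.network.commits.add(sha)  # stored network-wide, not per repo

    def fork(self, name):
        return Repo(name, self.public, self.network)

    def delete(self):
        self.network.repos.discard(self)  # the repo goes away, its commits do not

    def make_public(self):
        self.public = True
        for other in [r for r in self.network.repos if not r.public]:
            # assumption: private forks split off; the public side keeps what it already had
            self.network.repos.discard(other)
            other.network = Network(self.network.commits)
            other.network.repos.add(other)

def exposed(network):
    """Commits readable by anyone: everything in a network that contains a public repo."""
    return set(network.commits) if any(r.public for r in network.repos) else set()

def scenario_private_fork():
    upstream = Repo("upstream", public=False)
    upstream.commit("A")
    fork = upstream.fork("fork")
    fork.commit("B")
    upstream.make_public()
    fork.commit("C")  # lands only in the fork's new, private network
    return exposed(upstream.network), exposed(fork.network)

def scenario_deleted_fork():
    upstream = Repo("upstream", public=True)
    upstream.commit("A")
    fork = upstream.fork("fork")
    fork.commit("B")
    fork.delete()
    return exposed(upstream.network)
```
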