GitHub and Gitlab exposes all user's public SSH keys (2019)
Pretty unsafe, I think. And you can't turn it off. https://rushter.com/blog/public-ssh-keys/
Links to APIs:
https://docs.github.com/en/rest/reference/users#list-public-keys-for-a-user
https://docs.gitlab.com/ee/api/users.html#list-ssh-keys-for-user
5 comments
[ 2.5 ms ] story [ 17.7 ms ] threadHere is more discussion:
https://security.stackexchange.com/questions/150540/is-it-co...
The argument boils down to the fact that ssh will also give you a list of valid public keys.
It doesn't seem very critical to me, and anyone who is worried could just use a different key for github which is good practice anyway imo