Securing the Git push pipeline: Responding to a critical remote code execution (github.blog) 14 points by samtrack2019 2mo ago ↗ HN
[–] time4tea 2mo ago ↗ I mean, sure.But what about allowing user inputs in trusted fields,Or allowing switching environments per request, on inputs from usersOr allowing requests in a user context to access storage from anotherOr storing everything in plaintext on a node that everything can accessOr not validating user inputsOr...Its not a success story.
[–] philipwhiuk 2mo ago ↗ Nothing on auditing other fields? Nothing on how it escaped test coverage? No fuzzing?
3 comments
[ 3.0 ms ] story [ 25.6 ms ] threadBut what about allowing user inputs in trusted fields,
Or allowing switching environments per request, on inputs from users
Or allowing requests in a user context to access storage from another
Or storing everything in plaintext on a node that everything can access
Or not validating user inputs
Or...
Its not a success story.