Summary:
- Persisting Data Risk: Truffle Security researchers found that data from deleted GitHub repositories, including sensitive information like API keys, may still be accessible through forks, posing a security risk.
- Cross Fork Object Reference (CFOR): The proposed term CFOR describes how one fork can access data from another, even if the original or forked repository is deleted, highlighting an unexpected vulnerability.
- GitHub’s Stance: GitHub maintains that this behavior is documented and expected due to the inherent nature of fork networks. However, researchers argue that this contradicts user expectations about data privacy and deletion.