Technology

59086 readers

3755 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

846

China is attempting to mirror the entire GitHub over to their own servers, users report (infosec.exchange)

submitted 4 months ago by 0x815@feddit.org to c/technology@lemmy.world

282 comments fedilink hide all child comments

GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.

It is being reported that many users' repository are being cloned and re-hosted on GitCode without explicit authorization.

There is also a thread on Ycombinator (archived link)

you are viewing a single comment's thread
view the rest of the comments

[–] BeigeAgenda@lemmy.ca 2 points 4 months ago (1 children)

They can use the same name but if the owner signs their commits we can at least spot the fake commits.

And even if they clone all repos they don't clone the build systems, so their builds of apps and windows installers will be signed with different keys.

For people who follow guides to clone something from a repo, compile it and install it, they need to be on their guard if the repo URL is not the official one.

[–] umami_wasbi@lemmy.ml 1 points 4 months ago

How many know what even signed commit and build is? For people following a guide they don't even know what Github is for but a nice place to have free programs.