You can resurrect any deleted GitHub account name. And this is why we have trust issues

Found on The Register on Saturday, 10 February 2018

Earlier this week, an unidentified developer, whose Go project stopped functioning as a result of the closure of the jteeuwen account, opened a new GitHub account under the abandoned name and repopulated it with a forked version of the go-bindata package as a workaround to re-enable the broken project.

"The fact that they were allowed to do this however represents a fundamental flaw in GitHub's security model," said developer Jessie Donat in a blog post.

It looks like nobody learned from the NPM fiasco with left-pad. Any developer who relies on dependencies which are under the complete control of a third party should never be allowed to write code.

Browse all articles« Previous « » Next »