←back to thread

Winamp deletes entire GitHub source code repo after a rocky few weeks

(arstechnica.com)
431 points dangle1 | 1 comments | 16 Oct 24 16:34 UTC | HN request time: 0.203s | source
Show context
lolinder ◴[17 Oct 24 01:58 UTC] No.41865732[source]
> In seeking to remove offending files with a simple deletion instead of a rebase, Winamp kept it available to those who know Git mechanics

"Those who know Git mechanics" in this case is talking about extremely simple Git mechanics. Those who know more advanced Git mechanics would know that even a rebase is not sufficient to solve the problem of having pushed up secrets.

Aside from the obvious problem of all the forks and previously-cloned copies, the offending commits will still also be available on GitHub (at least until the next garbage collection), they'll just have the message "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository."

Any links that include the old hash will still be available online and will still turn up the code you tried to delete.

replies(1): >>41866143 #
speedyjay ◴[17 Oct 24 03:23 UTC] No.41866143[source]
> offending commits will still also be available on GitHub (at least until the next garbage collection),

No. Forever. Literally forever. GitHub does not run garbage collection, like, ever.

https://stackoverflow.com/questions/4367977/how-to-remove-a-...

Dangling commit from 14 years ago :

https://github.com/nylen/connectbot/commit/1cd775d

There is only one way to delete data on github permanently and that's to request it from github support. Still, you would have better luck just deleting your repository and starting over from scratch, deleting your history locally and pushing from a pristine state.

replies(2): >>41866163 #>>41902257 #
1. account42 ◴[21 Oct 24 09:31 UTC] No.41902257[source]
Which makes sense because just being orphaned within git doesn't mean that there aren't any external references from PRs or just comments that people expect to be able to view.

And of course for actual secrets (as in passwords/keys/etc.) having deleting them from GitHub is not going to help you anyway as others could have made local copies that you have no control over.