←back to thread

Immutable releases are now generally available on GitHub

(github.blog)
151 points fastest963 | 4 comments | 31 Oct 25 13:59 UTC | HN request time: 0.001s | source
Show context
eviks ◴[31 Oct 25 15:10 UTC] No.45772876[source]
Why is deletion not allowed, which supply chain attacks work by deleting a release, not changing it to a malicious one?
replies(5): >>45773196 #>>45773264 #>>45773401 #>>45773560 #>>45773758 #
1. kbolino ◴[31 Oct 25 15:59 UTC] No.45773560[source]
Deletion creates a hole. The hole can be filled by something else. This is a form of mutation.

What you probably want instead is one-way revocation. You place a permanent marker that says "do not use this release because it is {broken, malicious, ...}".

replies(1): >>45773616 #
2. eviks ◴[31 Oct 25 16:04 UTC] No.45773616[source]
No, you can make the whole immutable, that is if a tag in an immutable repo was used and deleted, it can't be used again
replies(1): >>45773900 #
3. kbolino ◴[31 Oct 25 16:31 UTC] No.45773900[source]
An "immutable hole" just sounds like a "revocation marker" without an accompanying message, so I don't think we're really asking for different things, here. Nevertheless, ordinary tag deletion -- what git natively supports -- can't be supported directly.
replies(1): >>45775613 #
4. eviks ◴[31 Oct 25 19:13 UTC] No.45775613{3}[source]
The difference is the unavailability of content. For example, you attach the wrong binary and want to avoid confusion/mistaken downloads either manual or via tools that don't support your markers, in the most direct way - by deleting the binary from release. But you can't fix it if you opted into the security benefits of no hidden mutation