←back to thread

Immutable releases are now generally available on GitHub

(github.blog)
151 points fastest963 | 3 comments | 31 Oct 25 13:59 UTC | HN request time: 0s | source
1. dare944 ◴[31 Oct 25 17:09 UTC] No.45774301[source]
> When you enable immutable releases, the following protections are enforced: • Git tags cannot be moved or deleted; • Release assets cannot be modified or deleted

On the face of it, this seems like a non-starter. If a particular immutable release represents a danger to the consumer (extreme example: the software contains a bug that could result in physical injury) one must have the ability to retract that release so that no further consumers of the software could be affected by it. It makes sense that a retraction of an immutable release should not be reversible in such a way that the release could be recreated with different contents. But retractions must be possible, for both ethical and legal reasons.

I would also argue that its not sufficient to simply apply a blanket "deny all" access control to dangerous releases (assuming such a mechanism exists), as this does not adequately convey the deprecating nature of the change (and as a result, could mistakenly be reversed in the future). Ideally the retraction itself would be immutable such that once retracted the release is inaccessible forever.

Now, it may be that all this is supported by the new feature; I haven't had the chance to test it yet. But nothing in the documentation makes this clear one way or another.

replies(1): >>45774472 #
2. weinzierl ◴[31 Oct 25 17:26 UTC] No.45774472[source]
I think there are compelling reasons to support:

1. Unremovable

2. Uninstallable while keeping the data available

3. Removing the release completely (while keeping an audit log that this happened)

1 is for use-cases where availability trumps security. I'd argue this should never be the case but at the same time it is how our world ticks by and large. Hard to take this away from people.

2 is for security, forensics and heritage but at the cost of availability. Uninstallable could mean to only offer the artifacts in an archive.

3 must always be possible as a last resort for illegal content that slipped through all previous safeguard layers.

replies(1): >>45777502 #
3. matt_kantor ◴[31 Oct 25 22:41 UTC] No.45777502[source]
Your note on 3 brings up a good point: I'm sure that if there's a DMCA takedown notice or somesuch that GitHub will in fact delete your "immutable" release which "can't be deleted".