undefined | Better HN

0 pointsKwpolska2y ago0 comments

Keeping the repository, even as a public archive, would still require a lot of resources on GitHub's side. The only fair thing to do here would be to apologize and ask for the repo to be deleted.

0 comments

rafark2y ago

And could be seen as a reward or an encouragement for other people to abuse the service.

eyelidlessness2y ago

They already do incentivize white hat exploit efforts[1]. The author seems to have run afoul of one of their rules[2] by impacting other users, but I don’t think that impact could be knowable without trying.

GitHub could trivially honor the request without changing the incentives or even taking any defensive implementation action, by specifically citing this experiment in the rules and maybe adding some more specific wording to the TOS.

1: https://bounty.github.com/

2: https://bounty.github.com/#rules

j / k navigate · click thread line to collapse