Ryabitsev: Cross-fork object sharing in git (is not a bug)

This is a few days old, but evidently there
is still need for this message: Konstantin Ryabitsev explains
how it is easy to cause a commit to appear falsely to be part of a GitHub
repository:

With all the benefits of object sharing comes one important
downside — namely, you can access any shared object through any of
the forks. So, if you fork linux.git and push your own commit into
it, any of the 41.1k forks will have access to the objects
referenced by your commit. If you know the hash of that object, and
if the web ui allows to access arbitrary repository objects by
their hash, you can even view and link to it from any of the forks,
making it look as if that object is actually part of that
particular repository (which is how we get the links at the start
of this article).

A failure to understand this point is how the net fills up with articles
like this one.

Source: LWN.net – Ryabitsev: Cross-fork object sharing in git (is not a bug)

Prime-WoW

My site, my way, no big company can change this

Ryabitsev: Cross-fork object sharing in git (is not a bug)