
Leak Mitigation Checklist - oodelally
https://github.com/GitGuardian/APISecurityBestPractices/blob/master/Leak%20Mitigation%20Checklist.md
======
jamestimmins
"If you are a junior developer, we highly recommend that you talk to your lead
developer or to the security guy. It's OK to make mistakes. Recognizing a
mistake is the best way to show how much you care."

This is such a good piece of advice and really describes the proper ethos for
understanding what causes leaks.

------
hashhar
I'd like to add contacting GitHub support to the list. I once had a similar
issue and after deleting the repo I asked them to flush their caches and
delete backups. The support person redirected me to someone on the technical
staff. They confirmed with me after verifying my identity and went ahead with
the backup deletion. After that I pushed my fixed code to a new repo of the
same name.

The entire process took less than an hour considering that it was 2pm in India
when the issue happened and the support staff was most likely in the Americas.

~~~
dylanpyle
Seems like the first point ("Once you have pushed a commit to GitHub, you
should consider any data it contains to be compromised.") supersedes that —
even if you and GitHub both erase any trace of it, there's a nonzero chance
that some kind of automated system, malicious or not, has a copy of it
already.

~~~
efourrier
That's right, just look at http://ghtorrent.org/ !

