Hacker News new | comments | apply | show | ask | jobs | submit login

GitHub now [allows HTTPS pushes][1], so a man-in-the-middle attack on a single connection would be sufficient to push backdoors. In any case, can't the intermediary just add another SSH key to the account?

[1]: https://help.github.com/articles/pushing-to-a-remote




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: