OMG, am dying!!!

Someone used the bug GitHub refused to fix, that allows you to add a commit to a repo you don’t control... to upload YouTube-dl to the DMCA request repo on GitHub.

@rysiek @thegibson Has to do with how GH handles different forks of a repo. Seems they're just branches in the parent repo rather than their own intendant repo. (namespaced by username or something) Makes total sense.

The "bug" is that you can fork someone else's repo, push a commit to your fork, and view the commit on the parent repo, (or anyone else's fork of that repo for that matter) hence the commit hash in the URL. If you click on the commit, you'll see a note that the commit you're viewing isn't part of any branch in that repository.
@mr64bit @rysiek @thegibson I guess this is also why everyone's forks go away if you destroy your repo.

@TheGibson How to checkout:
git clone
git fetch origin 416da574ec0df3388f652e44f7fe71b1e3a4701f
git checkout 416da574ec0df3388f652e44f7fe71b1e3a4701f

@thegibson which bug report was it they refused to fix that was used here?

It's a cute trick, but this is not a " bug that GitHub refuses to fix" -- it's how git forks work fundamentally. The alternative is to either deep-copy each repo on fork, or to calculate reachability on each direct object request. Both options extremely expensive.

@monsieuricon @thegibson Calculating reachability is one of the modes of git itself.

Having two different repos share an object store is a github decision.

@clacke a conscious decision is not a "bug, that GitHub refuses to fix" though. All public forks share objects. Private forks don't.


Sign in to participate in the conversation

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.