The title is very click bait imo. It is not about any private data. It is a very specific case of deleted fork of the public repository. It is a bug, of course. But it doesn’t look so serious as I was thinking when saw the title.
It was purposefully designed that way so it’s not a bug. It’s just bad design. Like they say at the end of the article, people view private vs public as a security boundary. So it’s incredibly surprising and unintuitive behavior that has clearly resulted in security breaches.
The title is very click bait imo. It is not about any private data. It is a very specific case of deleted fork of the public repository. It is a bug, of course. But it doesn’t look so serious as I was thinking when saw the title.
It was purposefully designed that way so it’s not a bug. It’s just bad design. Like they say at the end of the article, people view private vs public as a security boundary. So it’s incredibly surprising and unintuitive behavior that has clearly resulted in security breaches.