Why open-sourcing is such a challenge? by mailhustle

mailhustle · @mailhustle · Aug 9 '18

Why open-sourcing is such a challenge?

Recent incident with `homebrew`: https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab

They left GitHub credentials in the Jenkins deployment.

**OUCH**

Open-sourcing the thing is a challenge.

Data is sensitive, there might be some hidden gems in the commit history.

Leaning towards towards starting a new repo from scratch.

The one below is pretty major and beautiful in its simplicity at the same time.

# Apple `goto fail;`

Everyone makes mistakes, [here](https://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c) is pretty major one:

![https___opensource_apple_com_source_Security_Security-55471_libsecurity_ssl_lib_sslKeyExchange_c_🔊.png](https://cdn.steemitimages.com/DQmZEbSgXBEQTDm4uc9WkK8CTuN6AdrZYZnbEppnhpdCMPp/https___opensource_apple_com_source_Security_Security-55471_libsecurity_ssl_lib_sslKeyExchange_c_%F0%9F%94%8A.png)

Read more about it: https://www.imperialviolet.org/2014/02/22/applebug.html

👍 obaku, lastbreach, ripper234

`author`	mailhustle
`permlink`	why-open-sourcing-is-such-a-challenge
`category`	mailhustle
`json_metadata`	{"tags":["mailhustle","infosec","defcon","security","hacking"],"image":["https://cdn.steemitimages.com/DQmZEbSgXBEQTDm4uc9WkK8CTuN6AdrZYZnbEppnhpdCMPp/https___opensource_apple_com_source_Security_Security-55471_libsecurity_ssl_lib_sslKeyExchange_c_%F0%9F%94%8A.png"],"links":["https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab","https://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c","https://www.imperialviolet.org/2014/02/22/applebug.html"],"app":"steemit/0.1","format":"markdown"}
`created`	2018-08-09 13:33:39
`last_update`	2018-08-09 13:33:39
`depth`	0
`children`	0
`last_payout`	2018-08-16 13:33:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,000
`author_reputation`	2,137,733,942
`root_title`	"Why open-sourcing is such a challenge?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	67,642,036
`net_rshares`	54,707,206
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
ripper234	0	100%
obaku	54,707,206	0.6%
lastbreach	0	100%