• visor841@lemmy.world
    link
    fedilink
    arrow-up
    51
    ·
    edit-2
    5 months ago

    While this is still a massive problem, it does require a public fork at some point. So if you have a private repo that has never had a public fork, you should be safe.

      • hedgehog@ttrpg.network
        link
        fedilink
        arrow-up
        7
        ·
        5 months ago

        Yes, but only in very limited circumstances. If you:

        1. fork a private repo with commit A into another private repo
        2. add commit B in your fork
        3. someone makes the original repo public
        4. You add commit C to the still private fork

        then commits A and B are publicly visible, but commit C is not.

        Per the linked Github docs:

        If a public repository is made private, its public forks are split off into a new network.

        Modifying the above situation to start with a public repo:

        1. fork a public repository that has commit A
        2. make commit B in your fork
        3. You delete your fork

        Commit B remains visible.

        A version of this where step 3 is to take the fork private isn’t feasible because you can’t take a fork private - you have to duplicate the repo. And duplicated repos aren’t part of the same repository network in the way that forks are, so the same situation wouldn’t apply.