Hacker News

Yes, and in the real world where Grice's Maxim of Relevance is in force, then when the secrets issuer that is the subject of the discussion isn't one of those partners, then an informative "reminder" that GitHub "has a secret scanning program" with a bunch of other partners is not actually informative. It's as superfluous and unhelpful as calling to let someone know you're not interested in the item they've posted for sale on Craigslist (<https://www.youtube.com/watch?v=xWG3jKzKcm8>).


It's more useful than telling someone that their statement is a tautology in formal logic.


No it's not.


Yes it is. Reminding somebody of this feature is useful to somebody, even if it's not completely relevant to the topic being discussed. Calling out a supposed tautology is the opposite of useful: it helps nobody and just clutters things up.


> Reminding somebody of this feature is useful to somebody, even if it's not completely relevant to the topic being discussed.

Yeah, it's especially useful in that case. Useful to attackers, because someone "helpfully" showed up with a "reminder" that reads like a suggestion to post these specific secrets (or any other Algolia secrets that other HNers might have come across) in the open out of some misguided belief that doing so will invalidate them.

This has to be one of the dumbest, most reckless threads to have been posted (and so vociferously defended) on HN.


How is reminding people that they can safely revoke exposed API keys not informative? Why are you being so combative?


Because "This has to be one of the dumbest, most reckless threads to have been posted (and so vociferously defended) on HN."

https://news.ycombinator.com/item?id=47419913



