On Github, say I forked a project but did not want to display it on my profile because the project relates to something that I am not allowed to work on for non-compete reasons.
When I try to set the fork to private, I receive this error message on Github:
"For security reasons, you cannot change the visibility of a fork."
What are the potential security implications of changing the visibility of a fork?
CodePudding user response:
When you perform a push on GitHub, the data is pushed into the repository for you fork. Then, if there are multiple forks, those objects are moved into an alternate that is shared by all repositories in that network, forks included. This saves a lot of space when there are many forks, and it makes pull requests much easier, since the objects are already present in the main repository.
However, it means practically that all objects in all forks in the network are visible through any fork. As a result, if your fork were private, then someone who knew an object ID could view it through the main repository and see that data. This would be a security problem, so GitHub doesn't allow it.