The Comforting Lie of SHA Pinning
chillax
14 points
5 comments
March 28, 2026
Discussion Highlights (4 comments)
nathan_douglas
Wow. I did not know this. I'll bring it up in my organization.
sh-cho
GitHub needs to support 'Immutable Release' on GitHub Actions as soon as possible. Other methods are just workarounds and are easy to break, just like the example in the post.
quuxplusone
TFA writes: "Late last year NPM was basically a skip fire" — is this an idiom I should know? (Something like a misfire?) Or a typo for "ship fire"? Or something else?
rcxdude
This has been a big security/UX issue with GitHub for a while. It extends to the web interface: you can link to a specific commit under an official GitHub repo, but the contents of the README on the page will be from a malicious fork, which makes it way easier to make links look legitimate.