Ambiguous docs around fork deletion can lead to confusion #34383
Labels
content
This issue or pull request belongs to the Docs Content team
pull requests
Content related to pull requests
Comments
ahpook
added
the
content
|
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
github-actions
bot
added
the
triage
2 tasks
|
@ahpook Thank you for opening an issue and linking it to your PR! ✨ |
nguyenalex836
added
pull requests
This comment was marked as spam.
This comment was marked as spam.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#deleting-a-public-repository
What part(s) of the article would you like to see updated?
The text of the linked section on deleting a fork says only that "a fork" will be promoted to be the head of a fork network when the current upstream is deleted. This can lead to confusion about the expected behavior in this scenario. In fact, the current oldest fork will be promoted to the new upstream, and a simple change to the docs could eliminate that ambiguity and subsequent confusion.
Additional information
A security researcher was confused about this behavior and posted that when the head of a fork network is deleted, and arbitrary fork is promoted to be the head of the network, which could introduce a takeover attack if the fork thus promoted was owned by a bad actor. Clearly documenting that it's the oldest active fork rather than an arbitrary one would reduce the frightening possibility of a takeover.
https://x.com/trufflesec/status/1823069323348611345
The text was updated successfully, but these errors were encountered: