{"id":20638,"date":"2018-02-20T15:07:59","date_gmt":"2018-02-20T20:07:59","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=20638"},"modified":"2018-02-20T15:07:59","modified_gmt":"2018-02-20T20:07:59","slug":"github-shouldnt-allow-username-reuse","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/02\/20\/github-shouldnt-allow-username-reuse\/","title":{"rendered":"GitHub Shouldn&rsquo;t Allow Username Reuse"},"content":{"rendered":"<p><a href=\"https:\/\/donatstudios.com\/GithubsTotalSecurityFacepalm\">Jesse Donat<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=16343926\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/donatstudios.com\/GithubsTotalSecurityFacepalm\"><p>Usernames, once deleted, should never be allowed to be valid again. Many sites including Google do it this way.<\/p>\n<p>Allowing username reuse completely breaks any trust that what I pull is what it claims to be.<\/p>\n<p>[&#8230;]<\/p>\n<p>I think another good option would be Github offering permalinks to repos, such that if they were deleted and recreated the pathing would change.<\/p>\n<p>It affects not only package managers and programs and software, but humans. Humans navigating Github. I have no way to tell while navigating the site if a project is the original or a charade. That is a problem.<\/p><\/blockquote>\n\n<p>Previously: <a href=\"https:\/\/mjtsai.com\/blog\/2018\/02\/19\/trusting-sdks\/\">Trusting SDKs<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Jesse Donat (via Hacker News): Usernames, once deleted, should never be allowed to be valid again. Many sites including Google do it this way. Allowing username reuse completely breaks any trust that what I pull is what it claims to be. [&#8230;] I think another good option would be Github offering permalinks to repos, such [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[524,71,48,96],"class_list":["post-20638","post","type-post","status-publish","format-standard","hentry","tag-github","tag-programming","tag-security","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/20638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=20638"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/20638\/revisions"}],"predecessor-version":[{"id":20639,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/20638\/revisions\/20639"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=20638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=20638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=20638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}