Comment by oxfordmale
2 years ago
As the author pointed out, the documentation was written three years after he reported it.
Beyond that is is also a batshit crazy implementation. Just I imagine AWS would still allow AWS credentials to give access to a deleted account
The expectations for AWS and public repository hosting are not the same. If you leaked something to a public GitHub repo you should assume that it has been cloned the second you pushed it.
This is about access to private repos, not public ones:
"Anyone can access deleted and private repository data on GitHub"