Comment by zero_k

9 hours ago

Nobody at GitHub expected this? Their feature develoment&release processes must be garbage/non-existent/not followed. This potential security issue should have been flagged when the new feature was thought up, security should have been part of the process of implementing the feature giving continuous feedback, and it should have been tested for before release of the feature. That's how modern security teams work in large, well-functioning organisations.

What is going on over there? No process, no oversight, just YOLO? Super-scary, because it means other stuff that we don't see is likely to be done in a similar manner.

You know how it works. There probably were people who didn't want that, but then there is push from business, deadlines, etc.

  • It's crazy I am being downvoted, though. Like, I am complaining about their processes that failed, and people are somehow on GitHub's side. Really weird stuff.