Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This isn't a bug or a bad default - your email address was never supposed to be private... that's how people contact you (besides the GitHub issues system).


I strongly disagree. People don't appreciate unwanted email to their personal accounts. That is why we don't put our email places where bots, recruiters, etc can easily access it. You generally only want to give your email out to sources that you want contacting you.

If you think people should only use an email address that they want to be contacted with, that is where I am saying the issue lies. People signup to Github, commit some code without knowing Github is giving their email out to the world. You are arguing that is by design, but I am saying most people don't understand it works that way. It's an education thing or change of defaults.


> People signup to Github, commit some code without knowing Github is giving their email out to the world.

No - the correct statement is: "People signup to Github, commit some code without [understanding that their local Git configuration] is giving their email out to the world".

Github is not giving their email out - they are. Their email ends up in the Git commit objects _on their local disk_, long before Github ever sees the commits.

Don't blame Github, Github is not at fault. The users who don't configure their system correctly are at fault. Github is just where those users voluntarily publish their email address (when the publish the Git commit objects that their local Git copy inserted their email address into). The identical issue exists with _any_ internet Git hosting service.

The distinction is subtle, but important. You can argue 'education' all you want, but your article blames Github, when it is not Github's fault, nor can Github do anything about it (because changing the content of the commit objects also changes their sha1 hash, making them _different_ commit objects, and breaking the Git repository in the process).

> You are arguing that is by design,

It is by design, this is how Git works. Create an empty git repository on your local machine, then make a test commit. Then look at the output of 'git log'. The email address you told git to include will be part of the log output. Why?, because it is part of the Git commit object on disk.

> but I am saying most people don't understand it works that way. It's an education thing or change of defaults.

Which is also fine, but your article is written as:

Github reveals your email addresses - they should stop doing so.

When the facts are:

You reveal your email address when you mis-configure Git and then push something to an internet Git hosting service.

Place the 'blame' where it belongs (users mis-configuring their local Git settings) rather than where it does not (Github).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: