AdamWhiteHat / BigDecimal

An arbitrary-precision decimal (base 10) floating-point number class. Over 2.5 million downloads on NuGet!
MIT License

SECURITY ISSUE: You are putting your PRIVATE key in the repo #13

Closed karakasa closed 1 year ago

karakasa commented 1 year ago

commit #4b5139f. I think you shouldn't do that.


https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository

karakasa commented 1 year ago

Although I still don't think you should put private keys in the repo, it's OK if you said you don't want the library to be bound to you.

AdamWhiteHat commented 1 year ago

Oh I know, it feels incredibly wrong to check in a private key, doesn't it?

But yeah, Microsoft recommends it for open source libraries. 🤷

It's a result of the fact that strong naming doesn't provide any of the security guarantees it was originally envisioned to.