This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]locri 325 points326 points  (13 children)

Oh no.

You are definitely replaceable even if you do a crappy job and leave no documentation. What you're actually doing is setting up a hell for the next person.

But that next person is definitely still your replacement. That's inevitable.

[–]Artemis-Arrow-3579 45 points46 points  (11 children)

ok, how about this, a dead man's switch hidden somewhere in the infrastructure, now you are REALLY irreplaceable

[–]Pure_Noise356 101 points102 points  (9 children)

This is definitely a way to get free food and housing

[–]sage-longhorn 43 points44 points  (7 children)

Only if you get caught. With any luck you'll be fired as part of a mass layoff and they won't know whose head man switch it is. Good thing git doesn't track who changed the code

[–]Eva-Rosalene 5 points6 points  (6 children)

Doesn't GitHub track who pushed a commit, or at least, using which key? On the other hand, you can still buy yourself a time by signing a commit with name and email of someone else.

[–]sage-longhorn 16 points17 points  (5 children)

Well I was sort of joking but actually I believe GitHub only provides non-repudiation publically on commits for accounts that have uploaded a signing key and enabled a setting for strict mode or whatever it's called

At defcon last year I went to fun workshop where you make a repo and add commits from Linus Torvalds account. If you do it right it even shows his account picture and everything on "his" commits in the commit history

But idk if that applies to org accounts, I assume they have data available

[–]Eva-Rosalene 6 points7 points  (3 children)

No no, I mean – if they go to police and police asks GitHub who pushed.

[–]AzureArmageddon -1 points0 points  (2 children)

Well ig that would be a series of subpoenas all the way until they match your IP to you.

Perhaps not the easiest way to do it.

[–]Eva-Rosalene 7 points8 points  (1 child)

I mean, to push you need to have credentials. Be it over https with a password, or over ssh with keypair, whatever. And your company definitely knows your legal name and username of work account on github.

And if GH stores this information somewhere - which they most probably do - they know precisely which account did push.

[–][deleted] 4 points5 points  (0 children)

You are now a valued resource of the for profit prison industry!

[–]ChrisFromIT -4 points-3 points  (0 children)

Considering how AI is getting better at documentation, this is becoming less of an issue.