Update: I’ve contacted Github support about this, and given them a suggestion about a default-on preference/setting to filter those for everyone but the repo owner, perhaps with a visual cue about it
Update 2: as of this update, the search for these sorts of files no longer appears to be working; I also got a mail back from github support about this earlier, but didn’t really read it yet
Or to give people the benefit of the doubt, perhaps they just didn’t know better. I don’t even understand how this comes to pass, it’s so different from what I’m typically used to.
The URLs for these are as follows:
- https://github.com/search?q=path%3A.bash_history
- https://github.com/search?q=path%3A.zsh_history
- https://github.com/search?q=path%3A.ssh/id_rsa
There are some more, obviously. Use your imagination to find them. You can also filter for passwords and such:
- https://github.com/search?q=path%3A.bash_history+password
- https://github.com/search?q=path%3A.my.cnf
So, to all the people who have done this: don’t upload any of your history files, private ssh keys, etc, to something on the public internet.