Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Programming

GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels (github.com) 50

An anonymous reader writes: GitHub has quietly made a few changes this month. Labels for issues and pull requests will now also support emojis and on-hover descriptions. And they're also deprecating the anonymous creation of "gist" code snippets on March 19th, since "as the only way to create anonymous content on GitHub, they also see a large volume of spam." Current anonymous gists will remain accessible.

But the biggest change involves permanently removing support for three weak cryptographic standards, both on github.com and api.github.com.

The three weak cryptography standards that are no longer supported are:
  • TLSv1/TLSv1.1. "This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com."
  • diffie-hellman-group1-sha1. "This applies to all SSH connections to github.com."
  • diffie-hellman-group14-sha1. "This applies to all SSH connections to github.com."

This discussion has been archived. No new comments can be posted.

GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels

Comments Filter:
  • Is it something you introduce to small children as a prelude to teaching them to read and write? Seems like a waste of megabytes in /usr/share/fonts to have all those glyphs on your system when you can just give them paper and purple crayon.
    • Is it something you introduce to small children as a prelude to teaching them to read and write? Seems like a waste of megabytes in /usr/share/fonts to have all those glyphs on your system when you can just give them paper and purple crayon.

      They are something for old men to wave their canes at.

    • Let me tell you how I feel about that: (indecipherable symbol) (indecipherable symbol) (indecipherable symbol).
    • Is it something you introduce to small children as a prelude to teaching them to read and write? Seems like a waste of megabytes in /usr/share/fonts to have all those glyphs on your system when you can just give them paper and purple crayon.

      They were added to help our President learn to code.

      • They were added to help our President learn to code.

        "OK, I've found the Control key. I really believe I'd use this gun to protect schoolchildren. I'v... oh damn, I've shot myself in the leg."

        [Later] "OK, leg bandaged. Control key. Alt key. But where is the Pussygrab key?"

    • by antdude ( 79039 )

      I am getting annoyed with everything having to have emojis. What's next? Animojis? Argh. Let's just stick with emoticons. :P

  • Let's add emoji to label instead of fixing all the dumb errors that happen 99% of the time. https://imgs.xkcd.com/comics/g... [xkcd.com]
    • You are confusing git with github.

      Github is a platform for hosting git repositories. Git is a distribute version control system. Github can't diverge from git because then it would be something-else-hub and not much use.

      I found this webpage: http://tom.preston-werner.com/... [preston-werner.com] demystified git a lot. Things started to make much more sense about how they worked and why they broke.

      It won't fix the UI problem of random unrelated shite being crammed into one command, poor documentation [lokaltog.net] and submodules and git-lfs b

    • Uhm, except git solves precisely those errors. Once anything is committed, even if you amend/rebase/etc that commit away, git really goes out of its way to preserve it; it takes a malicious action to lose data with git.

  • I didn't realize they even did ssh... Can we grep commit messages of repositories we don't own?
    • You can probably grep it without cloning it, but you can certainly clone it and then git log | grep

    • I didn't realize they even did ssh...

      Yes: but you have to sign up so you have somewhere to upload your public key.

      Can we grep commit messages of repositories we don't own?

      That's kind of the point of DVCSs, of hwich git is one. A checkout is a full clone of the entire repository and its history.

  • I used to develop open source up until a few years back and when I wanted to release something I just stuck a tgz file on my web site. Why do I need something like github? I'll do version control and source management on my own machine with appropriate backups, why on earth would I want to do it on a cloud system? Its extra hassle for zero gain as far as the development process goes as far as I can see.

    • by Anonymous Coward

      How do you collaborate with others?

      • by tepples ( 727027 )

        Bug reports on a mailing list, presumably.

      • by Viol8 ( 599362 )

        I don't, the code wasn't a collaberative effort. If there are bugs then there's this novel thing called email people can use to report them.

    • As an AC said, the big benefit to GitHub is collaboration.
      Heck even if you don't have other developers, sometimes *users* can benefit from seeing changes, such as when deciding whether or not to install a new version, or if a recent change might explain some odd behavior they are seeing.

      When there is more than one developer, GitHub largely provides the best of both worlds between centralized and de-centralized development. In Git, each clone of the repo is complete and you can work completely offline. Ther

      • You can use Git without GitHub, but GitHub makes it more convenient with an easy interface to comment on pull requests, set up policy regarding if code review is required before merging, etc.

        How does it compare to Savannah [nongnu.org], GitLab, and Bitbucket in this respect? Or a self-hosted copy of Savane (Savannah's engine) or GitLab Community Edition?

        • I haven't used Savannah. I see that it supports many different types of version control. That may be good if you use many types, but if you have chosen Git, it would be reasonable to expect that a Git-focused system, by far the most popular and best-funded Git-based system, probably works better with Git than does a "jack of all trades" with less than 1% as much development funding.

          I know Linus at one point chose Bitbucket. Linus isn't stupid, so obviously it's worth considering.

  • The security theoreticians are making the world a lot less secure and functional. Systems should maintain support for these compromised methods but have connections negotiate the best security available. Because old, unmainted systems remain in service and when a secure connection fails, they fall back to using plain text instead. Or just plain fail. I've been struggling with this in upgrading our company's email server.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...