GitHub implements rules for publishing security research results


GitHub has released a number of rule changes, mainly clarifying its policies on where exploits and malware research results may be hosted, as well as on compliance with current US copyright law.

In publishing the new policy updates, they mention that they focus on the difference between actively harmful content, which is not allowed on the platform, and code at rest in support of security research, which is welcome and recommended.

These updates also focus on removing ambiguity in the way we use terms like "exploit," "malware," and "delivery" to improve the clarity of our expectations and our intentions. We have opened a pull request for public comment and invite security researchers and developers to work with us on these clarifications and help us better understand the needs of the community.

Among the changes we can find, the following conditions were added to the DMCA compliance rules, in addition to the previously existing prohibition on distributing, and on ensuring the installation or delivery of, active malware and exploits:

An explicit prohibition on placing in a repository technologies for circumventing technical copyright protection measures, including license keys, as well as programs to generate keys, bypass key verification, and extend the free trial period.

In this regard, it is mentioned that a procedure is being introduced for filing a request to remove such code. The person requesting removal must provide full technical details, with a declared intention to submit the application for review before blocking.
When a repository is blocked, they promise to provide the ability to export issues and PRs, and to offer legal services.

The changes to the exploit and malware policy reflect the criticism that followed Microsoft's action over a Microsoft Exchange exploit prototype used to carry out attacks. The new rules attempt to separate dangerous content used to carry out active attacks from code that accompanies security research. Changes made:

It is prohibited not only to attack GitHub users by publishing content with exploits, or to use GitHub as a vehicle for delivering exploits, as before, but also to publish malicious code and exploits that accompany active attacks. In general, it is not prohibited to publish examples of exploits developed in the course of security research that affect vulnerabilities already fixed, but everything will depend on how the term "active attacks" is interpreted.

For example, publishing in any form JavaScript source code that attacks the browser falls under this criterion: nothing prevents the attacker from downloading the source code to the victim's browser by fetching it, automatically patching it if the exploit prototype was published in a non-working form, and running it.

The same goes for any other code, for example in C++: nothing prevents it from being compiled and run on the attacked machine. If a repository with such code is found, the plan is not to delete it, but to close access to it.

In addition to this, the following were added:

  • A clause explaining the possibility of filing an appeal in case of disagreement with the blocking.
  • A requirement for repository owners who host potentially dangerous content as part of security research. The presence of such content must be explicitly stated at the beginning of the README.md file, and contact details for communication must be provided in the SECURITY.md file.

It is stated that GitHub generally does not remove exploits published together with security research for vulnerabilities that have already been disclosed (not 0-day), but it reserves the ability to restrict access if it considers that there is still a risk of these exploits being used in real-world attacks and GitHub support has received complaints about the code being used for attacks.

The changes are still in draft status and are open for discussion for 30 days.

Source: https://github.blog/

