IGitHub inyanzelisa imigaqo yokupapasha iziphumo zophando lokhuseleko

Darkcrizt

Imizuzu ye4

Logo yeGitHub

I-GitHub ipapashe uluhlu lweenguqu zemithetho, ikakhulu echaza umgaqo-nkqubo malunga nokuxhaphaza indawo kunye neziphumo zophando lwe-malware, kunye nokuthotyelwa komthetho wangoku we-US Copyright.

Ekukhutshweni kohlaziyo olutsha lomgaqo-nkqubo, bakhankanya ukuba bagxile kumahluko phakathi komxholo onobungozi obusebenzayo, ongavumelekanga kwiqonga, kunye nekhowudi ekuphumleni ekuxhaseni uphando lokhuseleko, olwamkelwa kwaye lucetyiswa.

Olu hlaziyo lukwagxile ekususeni ukungacaci kwindlela esisebenzisa ngayo amagama afana “ne-exploit,” “malware,” kunye “nokuhanjiswa” ukukhuthaza ukucaca kwezinto esizilindeleyo kunye neenjongo zethu. Sivule isicelo sokutsala izimvo zoluntu kwaye simema abaphandi bokhuseleko kunye nabaphuhlisi ukuba basebenzisane nathi kwezi ngcaciso kwaye basincede siqonde ngcono iimfuno zoluntu.

Phakathi kweenguqu esinokuzifumana, le miqathango ilandelayo yongezwe kwimithetho yokuthotyelwa kweDMCA, ukongeza kuthintelo lwangaphambili lokusasazwa kunye nokuqinisekisa ukufakwa okanye ukuhanjiswa kwe-malware kunye nokuxhaphaza okusebenzayo:

Ukwalelwa okucacileyo kokubeka itekhnoloji kwindawo yokugcina ukuthintela iindlela zobugcisa zokhuseleko yelungelo lokushicilela, kubandakanywa izitshixo zelayisensi, kunye neenkqubo zokuvelisa izitshixo, ukudlula ukuqinisekiswa okungundoqo kunye nokwandisa ixesha lomsebenzi wamahhala.

Ngokuphathelele oku, kukhankanyiwe ukuba inkqubo iyaziswa ukungenisa isicelo sokupheliswa kwekhowudi ekhankanyiweyo. Umceli wokususwa kufuneka anike iinkcukacha zobugcisa, ngenjongo ekhankanyiweyo yokufaka isicelo ukuba siqwalaselwe phambi kokuvalwa komsebenzi.
Ngokuvala i-repository, bathembisa ukubonelela ngekhono lokuthumela ngaphandle imiba kunye ne-PR, kunye nokubonelela ngeenkonzo zomthetho.
Ukuxhaphaza kunye notshintsho kumgaqo-nkqubo we-malware lubonisa ukugxekwa kulandela ukususwa kweMicrosoft yeprototype yeMicrosoft Exchange exploit esetyenziselwa ukwenza uhlaselo. Imithetho emitsha izama ukwahlula ngokucacileyo umxholo oyingozi osetyenziselwa ukwenza uhlaselo olusebenzayo olusuka kwikhowudi ehamba nophando lokhuseleko. Utshintsho olwenziwe:

Akuvumelekanga ukuhlasela abasebenzisi beGitHub kuphela ukupapasha umxholo ngezinto zokuxhaphaza okanye ukusebenzisa i-GitHub njengesithuthi sokuhambisa, njengoko kwakunjalo ngaphambili, kodwa upapashe ikhowudi ekhohlakeleyo kunye nokuxhaphaza okukhapha uhlaselo olusebenzayo. Ngokubanzi, akuvumelekanga ukupapasha imizekelo yezinto ezisetyenzisiweyo eziphuhliswe ngexesha lezifundo zokhuseleko kwaye ezichaphazela ubuthathaka obusele bumisiwe, kodwa yonke into iya kuxhomekeka kwindlela igama elithi "uhlaselo olusebenzayo" litolikwa ngayo.

Umzekelo, ukupapasha naluphi na uhlobo lwekhowudi yemvelaphi yeJavaScript ehlasela isikhangeli iwe phantsi kwesi sithintelo: umhlaseli akathinteli umhlaseli ekukhupheleni ikhowudi yemvelaphi kwibhrawuza yexhoba ngokukhangela, ukuchwetheza ngokuzenzekelayo ukuba iprototype yokuxhaphaza ipapashwe ngendlela engasebenzisekiyo. , kwaye uyiqhube.

Okufanayo kuya kuyo nayiphi na enye ikhowudi, umzekelo kwi-C ++: akukho nto ithintela ukuba ihlanganiswe kwaye iqhutywe kumatshini ohlaselwe. Ukuba i-repository enekhowudi enjalo ifunyenwe, kucetywayo ukuba ungayicimi, kodwa ukuvala ukufikelela kuyo.

Ukongeza koku, yongezwa:

  • Igatya elichaza ithuba lokufaka isibheno kwimeko yokungavumelani nebhloko.
  • Imfuno yabanini bogcino ukubamba umxholo onokuba yingozi njengenxalenye yophando lokhuseleko. Ubukho bomxholo onjalo kufuneka buchazwe ngokucacileyo ekuqaleni kwefayile ye-README.md, kwaye iinkcukacha zoqhagamshelwano zoqhagamshelwano kufuneka zinikezelwe kwifayile ye-SECURITY.md.

Kuxelwa ukuba, ngokubanzi, i-GitHub ayikususi ukuxhaphaza okupapashiweyo kunye nezifundo zokhuseleko kubuthathaka obuveziweyo (hayi usuku 0), kodwa igcina amandla okuthintela ukufikelela ukuba icinga ukuba kusekho umngcipheko wokusebenzisa ezi zinto zixhaphakileyo ngokwenyani. kunye nokuhlaselwa kwenkonzo ye-GitHub inkxaso ifumene izikhalazo malunga nokusetyenziswa kwekhowudi yokuhlaselwa.

Utshintsho lusekwimo eyidrafti, ekhoyo ukuze kuxoxwe ngayo kangangeentsuku ezingama-30.

Umthombo: https://github.blog/


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.