Three days ago my #github account was apparently “flagged” (whatever that means).
I wasn’t notified about it. No email. No banner in my account. I only discovered it when a workflow I was testing wasn’t working and my signed commits were “unverified” because “no email address is associated with the committer”. A friend at work then told me my profile page 404’d.
8 hours later GitHub also deleted the codespace powering my GitHub pages-hosted website, taking it offline.
🧐
1/n
This entry was edited (1 week ago)
Scott Lougheed
in reply to Scott Lougheed • • •Thankfully my Tailscale (which I sign into via GitHub) is still accessible.
But this has spooked me, and I think I will be relying less on GitHub and other services that can arbitrarily and without notice deny me access and remove hosted content. I will absolutely transition away from “sign in with [GitHub/whatever]” (which I already rarely used) where possible, and will no longer host on GH pages.
The web is great or whatever 😐
4/4
#github
steve mookie kong
in reply to Scott Lougheed • • •Scott Lougheed
in reply to steve mookie kong • • •for consumers, it has its place. Same for small devs who don’t want to figure out how to securely store passwords. But generally, I agree. I’d also call these “social sign-on” to distinguish it from a more workforce identity SSO context.
In business, it’s absolutely got a place in workforce identity management. Not a silver bullet, but it’s a pretty critical part of a modern business auth/identity stack.