the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.
replyThat doesn't support the theory that it was a mistake. That was intentional action. Maybe he was being blackmailed, and was coerced to do it. Or maybe he was a foreign agent or sympathizer who had infiltrated the organization.
There has been no indication if this was personally owned GitHub or Organizational owned GitHub. If it's personally owned, it still is one person doing massive dumb. Even if it's Organizational, it's very possible that person in question had rights to do this without oversight.
replyI've been a government contractor before, it does not employ best and brightest, it employs the average and below generally.
Maybe. I didn't see enough in the article about the repo owner/committer to make any inference about their intentions and wouldn't jump to conclude it was incompetence or malice or crafty leaking. The only real signal I saw was that the repo didn't immediately turn private when the person was notified.
replyFor some people, yeah, this could be a career killer. For some other people, it might just precipitate a flight back to Moscow or Beijing or something.