>The not-responding-when-notified part makes me think it's not just incompetence.

Strong disagree. The person in question probably thought it was a private repo on Github and had a massive deer in headlights reaction when they got contacted. Whoever this is, lost their job, possibly security clearance and more. This was 100% life altering "mistake"/gross incompetence decision they made.

▲

SoftTalker 6 hours ago | parent | next [-]

the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.

That doesn't support the theory that it was a mistake. That was intentional action. Maybe he was being blackmailed, and was coerced to do it. Or maybe he was a foreign agent or sympathizer who had infiltrated the organization.

	▲	stackskipton 6 hours ago \| parent [-]
		There has been no indication if this was personally owned GitHub or Organizational owned GitHub. If it's personally owned, it still is one person doing massive dumb. Even if it's Organizational, it's very possible that person in question had rights to do this without oversight. I've been a government contractor before, it does not employ best and brightest, it employs the average and below generally.

▲

modriano 7 hours ago | parent | prev [-]

Maybe. I didn't see enough in the article about the repo owner/committer to make any inference about their intentions and wouldn't jump to conclude it was incompetence or malice or crafty leaking. The only real signal I saw was that the repo didn't immediately turn private when the person was notified.

For some people, yeah, this could be a career killer. For some other people, it might just precipitate a flight back to Moscow or Beijing or something.