Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tiffanyh 2 hours ago

Is Twitter/X the right channel to announce a security event like this?

I ask because I don’t see anything posted on their official blog or status page.

https://github.blog/

https://www.githubstatus.com/

lynndotpy 14 minutes ago | parent | next [-]

It's certainly not the right platform. It'd be one thing if they had any official communication on the matter anywhere else. Maybe they're ashamed and are trying to limit the visibility while only technically issuing an announcement.

They announced this exclusively on X.com, which ranks barely above Pinterest in terms of usage. That's below Reddit, Snapchat, WeChat, and Instagram, and requires a user account to view profiles and posts. And that's ignoring all the reasons X is a divisive platform with an extreme political bent.

GitHub chose not to announce this on any other social media either (BlueSky, Facebook, TikTok, YouTube, LinkedIn, or Mastodon, as of this posting, and with no emails sent on the matter.)

cebert 2 hours ago | parent | prev | next [-]

It’s a very popular messaging platform for tech enthusiasts.

ignu 16 minutes ago | parent | next [-]

also a very popular messaging platform for [redacted] enthusiasts

yallpendantools 2 hours ago | parent | prev [-]

So? Is this where your corporate paying clients should find out about an issue of this severity?

Not to mention Twitter is not an open platform anymore! (A) I'm an employee in an organization paying for Github. (B) I don't have a Twitter account. I already have a Github account because of (A). Why should (B) stop/delay me from getting official comms about this?

zdragnar 39 minutes ago | parent | next [-]

I can't imagine they'd spam every account with an email address, though an email to organization owners would make more sense.

yallpendantools 32 minutes ago | parent [-]

> I can't imagine they'd spam every account with an email address

It's not "spam" if it is relevant to me, such as security incident disclosures.

Also, as tiffanyh pointed out, what's wrong with Github blog or is that exclusively for marketing fluff now? That would've been appropriate enough, without having to spend Sendgrid credits.

insanitybit an hour ago | parent | prev [-]

Isn't it the first stop for the USG at this point? I mean, I wish the world were a different place but here we are.

niyikiza 31 minutes ago | parent | prev [-]

Probably the best option after sending a mass email when customers need to take action. The status page is for reliability issues impacting end users & the blog is for in-depth analysis.