Some time ago I wrote about version control systems and storing secrets. And I still think it’s a fool’s errand because you’ll never be able to prevent it, and education and awareness are the only things that are going to reduce the incidence.
But now I’m thinking about the footprints left behind… when you cancel or close an email account… cancel or move a public project, team or repository.
For example, I have a number of projects that I hosted on both Bitbucket and GitHub. In most cases it was more of a land grab than proper use. But in the end it was meaningless.
- If I cancelled the project, the “brand” remains, and someone like a squatter is going to reuse it eventually, as there is a Google footprint and it is likely to make them something.
- Someone is just as likely to clone the project and use it in a social engineering way to leverage your brand reputation to do bad things.
- In the case of emails, there is a good chance someone is going to receive emails that robots sent you, which might leak personal information or passwords, or grant access to 3rd party systems in the form of “forgot my password” challenges.
I’m fairly certain Google cancels an email address once it is canceled or abandoned. It’s the sort of thing we should all do.
UPDATE: By DVCS I’m referring to service providers and not self-hosted repositories.