GitHub tightens rules on posting security research

GitHub has published policy changes that set out its rules on posting exploits and malware research, as well as on compliance with the US Digital Millennium Copyright Act (DMCA). The changes are still in draft status and are open for discussion for 30 days.

In addition to the previously introduced prohibition on distributing malware and exploits and on enabling their installation or delivery, the following conditions have been added to the DMCA rules:

  • An explicit prohibition on placing in a repository technologies for circumventing technical means of copyright protection, including license keys, as well as programs for generating keys, bypassing key verification, and extending the free trial period.
  • A procedure is introduced for filing a request to remove such code. The party requesting removal is required to provide technical details, along with a declared intention to submit the request for examination before blocking.
  • When a repository is blocked, they promise to provide the ability to export issues and PRs, and to offer legal services.

The changes to the exploit and malware rules address the criticism that followed Microsoft's removal of a prototype Microsoft Exchange exploit that was being used to carry out attacks. The new rules attempt to separate dangerous content used to conduct attacks from code that supports security research. The changes made:

  • It is prohibited not only to attack GitHub users by posting content with exploits in it or to use GitHub as a means of delivering exploits, as was the case before, but also to post malicious code and exploits that accompany attacks. In general, it is not prohibited to post examples of exploits prepared in the course of security research and affecting vulnerabilities that have already been fixed, but everything will depend on how the term "attack" is interpreted.

    For example, publishing JavaScript code in any form of source text that attacks a browser falls under this criterion: nothing prevents an attacker from downloading the source code into the victim's browser using fetch, automatically patching it if the exploit prototype was published in a non-working form, and executing it. The same goes for any other code, for example in C++: nothing prevents it from being compiled on the attacked machine and executed. If a repository with such code is found, the plan is not to delete it but to block access to it.

  • The section prohibiting "spam", cheating, participation in the cheating market, programs for violating the rules of any sites, phishing and attempts at it has been moved within the text.
  • A paragraph has been added explaining the possibility of filing an appeal in case of disagreement with a block.
  • A requirement has been added for owners of repositories that host dangerous content as part of security research. The presence of such content must be explicitly mentioned at the beginning of the README.md file, and contact information must be provided in the SECURITY.md file. It is stated that in general GitHub does not remove exploits published along with security research for vulnerabilities that have already been disclosed (not 0-day), but it reserves the ability to restrict access if it considers that there remains a risk of these exploits being used for real attacks and GitHub support has received complaints about the code being used for attacks.

source: budenet.ru
