Other Urgently needed: Help with reading GitHub

PMc

Hi, I am currently stuck on doing "code forensics" on GitHub.

Here's the story: This guy here had an idea about doing something: https://blog.kmkonline.co.id/rotating-ruby-on-rails-secret-key-base-9a4dcdf0d817
I was pondering about the similar idea, if it were 1. possible and 2. feasible to do such a thing - and then I found this article: he has already done it, and it works.

But, as this is web security related stuff, you would not just copy some code from the internet and run it without further research.
The original code is on GitHub, and there I find two strangely contradicting commits. They concern the "documentation"(1) paper, which they also maintain on GitHub. And I think it makes sense first to look at the documentation and understand what they are trying to do, before looking at the code on how they are trying to do it.

But then, on this page, some explanations have been added to the documentation:

And, apparently two days later, on this page those explanations which I am concerned about have disappeared again:

I am not asking anybody to understand what this stuff is about, but here I'm stuck with reading GitHub: I have found these two seemingly unrelated "commits", but there seems to be no way to get a consistent storyline, or at least a timeline or history on what has happened to that file in sequence, with proper assorted commentary (2). Instead, I just see a commit-identifier that says "f60bf5af9faf6f8e24a5f95331f38f4dbec7aed9". Great. That's a random key - what should I do with that? Do they work with just a random heap of commits, with no relation and no timeline whatsoever? How do I get to any relevant information from here (like what happened to that file interim, before and after), to get some clues on what they are doing and which goal they are moving towards, and then to unravel the matter from there?


And, btw, this is the reason why I dislike Linux: they had that kind of working style already back in 1994, and nothing has changed interim. You could never pinpoint any authoritative version of some code, it was all just a big heap(3), just like this heap of commits here appears; and you couldn't figure out anybody doing a thing somewhere, because everybody was doing something anywhere, with no coordination whatsoever.(4)

----------------
1) They're not strong on documentation. That's culture there; it's called "Agile". nqa
2) Like I would get it instantly from SVN.
3) the style was later coined "bazaar", in contrast to the "cathedral" of orderly software development (already then I was thinking that here at FreeBSD the best of both worlds is used).
4) but they are good at marketing; they have declared the whole nuisance a feature, named it "Agile", and now lots of consulting agencies make really big money selling that to the big corps as the new working style. Slowly they figure that it doesn't work at all, so they simply re-coin it as "devops" and sell it again...

---------------
Addendum: Wow, that forum software kicks it!! I don't get the information I need, but now I get PICTURES! If I were on Facebook, I could probably even LIKE them! ☠

shkhln

> Do they work with just a random heap of commits, with no relation and no timeline whatsoever?
In git each commit has a parent commit.

> How do I get to any relevant information from here (like what happened to that file interim, before and after), to get some clues on what they are doing and which goal they are moving towards, and then to unravel the matter from there?
Click on a "View File" button, then on a "History" button.

PMc

> In git each commit has a parent commit.
Ah, I was (half) wrong. It's not a random heap, it's a somehow tree-structured heap (not exactly tree, as branches can join again). I tried that button, but got lost in forever.

> Click on a "View File" button, then on a "History" button.
Yes, that helps! :) Thanks a lot, that's what I was looking for!
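
A command-line counterpart to the "History" button and the parent-commit relation discussed in this thread, as an added example that is not part of any post here and is not the project's own code. It assumes `git` is installed; the function names, the file `DOC.md` and the demo repository are constructed for illustration.

```shell
#!/bin/sh
# Added example. Repository, file name and commit messages are constructed.

# Commits that touched FILE, newest first (what the "History" button lists):
# short hash, parent hash(es), date, subject.
file_history() {  # usage: file_history REPO FILE
    git -C "$1" log --follow --date=short --format='%h %p %ad %s' -- "$2"
}

# Commits after OLD, up to and including NEW, that touched FILE.
commits_between() {  # usage: commits_between REPO OLD NEW FILE
    git -C "$1" log --format='%h %s' "$2..$3" -- "$4"
}

# Net change to FILE between two commits, however many commits lie between.
file_diff() {  # usage: file_diff REPO OLD NEW FILE
    git -C "$1" diff "$2" "$3" -- "$4"
}

# Build a throwaway repository in which an explanation is added to a
# document and removed again by a later commit.
make_demo_repo() {  # usage: make_demo_repo DIR
    repo=$1
    # Fixed identity and no signing, so the demo ignores local git settings.
    g() {
        git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@"
    }
    git init -q "$repo"
    printf 'Design\n' > "$repo/DOC.md"
    g add DOC.md && g commit -q -m 'Add document'
    printf 'Design\nExplanation of key rotation\n' > "$repo/DOC.md"
    g commit -q -am 'Add explanation'
    printf 'Design\n' > "$repo/DOC.md"
    g commit -q -am 'Remove explanation'
}
```

In a clone of a real repository, `file_history . path/to/file` gives the timeline, and a full commit id such as the one quoted in the first post can be passed as OLD or NEW. An empty `file_diff` between two commits does not mean nothing happened in between, which is why `commits_between` is listed separately.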