“The implication here is that any code committed to a public repository may be accessible forever as long as there is at least one fork of that repository,” the report’s authors claim.
Am I dumb or is this exactly the purpose of forks? I feel like I’m missing something.
If you only ever keep your repository private AND it is not a fork of a public repo, then you are fine. Full stop.
If you ever fork the repo and make an “INTERNAL” private fork but move the main project public, then anything you commit to the private fork will be discoverable through the public project.
Basically you should assume that if you make a repo public then the repo and all of its forks will be public. Even if the forks are “private”, the commit data can be found through the main repo.
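As an added local simulation (not from the thread or the report it discusses), the following script uses git's alternates mechanism to model the shared object storage a fork network relies on: a commit made only in the "private" fork becomes readable from the public upstream by hash, and removing it from the fork does not make it go away. The directory names, the object-sharing setup and the placeholder secret are all constructed for this demo.

```shell
#!/bin/sh
# Constructed demo: model a GitHub-style "repository network" locally.
# The fork shares the upstream's objects (git clone --shared), and we make
# the upstream see the fork's objects too, which is the property the thread
# describes. Nothing here is real infrastructure or real secret material.
set -e

simulate_fork_leak() {
    work=$(mktemp -d)
    cd "$work"
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

    # 1. Public upstream with one harmless commit.
    git init -q upstream
    echo "hello" > upstream/README
    git -C upstream add README
    git -C upstream commit -q -m "initial"

    # 2. "Private" fork that borrows the upstream's object store.
    git clone -q --shared upstream internal-fork
    # Make the sharing bidirectional, as a single network-wide store would be.
    echo "$work/internal-fork/.git/objects" >> upstream/.git/objects/info/alternates

    # 3. A secret is committed to the private fork only, never merged upstream.
    echo "API_KEY=constructed-placeholder-not-a-real-secret" > internal-fork/config.env
    git -C internal-fork add config.env
    git -C internal-fork commit -q -m "internal config"
    leaked=$(git -C internal-fork rev-parse HEAD)

    # 4. The upstream has no branch that contains the commit...
    git -C upstream branch --contains "$leaked" | grep -q . && return 1

    # 5. ...and the fork even "removes" it again (the object is still stored).
    git -C internal-fork reset -q --hard HEAD~1

    # Yet anyone who knows the hash can read the file through the public repo.
    # Defender takeaway: treat a secret ever pushed to any fork as exposed and
    # rotate it; deleting the commit or the branch does not recall the object.
    git -C upstream cat-file -p "$leaked:config.env"
}
```

Running `simulate_fork_leak` prints the placeholder secret, retrieved solely via the upstream repository after the fork dropped the commit.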