![](https://lemmy.nz/pictrs/image/5eb39c6b-a1f0-4cba-9832-40a5d8ffb76a.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
The article is really not clear. Is it saying if a project is forked, then the original is made private, the fork can access data from the private fork?
potentially enabling malicious actors to access sensitive information such as API keys and secrets even after users think they’ve deleted it.
Is this saying people misunderstand git and think committing a deletion makes people unable to access the previous version? Or is it saying the sharing between public and private repos can expose keys in private repos?
If you accidentally commit an API key into a public repository… you need to roll that key. Even if it was deleted completely, someone still could have accessed it while it was there.
Peak Lemmy users happened, it was in the later part of last year as a result of the reddit API controversy. No one expected that to stay, and users slowly waned after this as expected.
I’d say we’re in a maintenance phase at the moment. Active users is somewhat steady, posts and comments are somewhat steady. There are around 45k active users, but note that Lemmy counts this different than other sites. For later Lemmy versions, you need to comment, post, or vote to be considered. Lurkers that don’t vote (whether logged in or not) are not counted at all.
Growing more will probably happen after some other event to dive people away from reddit.