Speaking of GitHub, there is a neat trick in the way GitHub stores repositories, which you can exploit by git fetch and therefore now also by fpm.
Did you know that you can access any commit in a GitHub repository from any fork? If I were to fork gtk-fortran and push a new commit (even on an orphaned branch), I could fetch my completely unrelated commit again from the URL of your main repository. I think they are even preserved indefinitely.
You won’t notice this if you clone the repository, because the objects you get by cloning only belong to the respective fork.
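As an added example (not code from the thread, from fpm or from GitHub), the script below reproduces the effect with two constructed local repositories and shows the check a consumer can run on a pinned SHA before building it: is the commit reachable from any branch or tag of the clone, or is it just an unreferenced object that happens to be fetchable? It assumes git is installed and sets `uploadpack.allowAnySHA1InWant` on the stand-in upstream to emulate GitHub serving any object in the fork network by SHA.

```sh
#!/bin/sh
# Added example, not from the thread: build a local stand-in for GitHub's
# shared fork network and check whether a pinned SHA is on a branch at all.
set -eu

# Exit 0 if commit $2 is reachable from some branch, tag or remote-tracking
# ref of repo $1; exit 1 if it is an unreferenced object (for instance one
# pulled in from another fork of the same network).
commit_on_a_ref() {
  repo=$1 sha=$2
  for ref in $(git -C "$repo" for-each-ref --format='%(refname)' \
                 refs/heads refs/tags refs/remotes); do
    if git -C "$repo" merge-base --is-ancestor "$sha" "$ref" 2>/dev/null; then
      return 0
    fi
  done
  return 1
}

# Prints yes/no depending on whether the object $1 exists in the clone.
present_in_clone() {
  git -C "$CLONE" cat-file -e "$1" 2>/dev/null && echo yes || echo no
}

# Constructed repositories: one "upstream" and one clone of it.
setup_demo() {
  WORK=$(mktemp -d); UPSTREAM="$WORK/upstream"; CLONE="$WORK/clone"
  git init -q "$UPSTREAM"
  git -C "$UPSTREAM" -c user.name=demo -c user.email=demo@example.invalid \
      commit -q --allow-empty -m "legitimate commit on the default branch"
  LEGIT=$(git -C "$UPSTREAM" rev-parse HEAD)
  # Orphan commit held in the object store but referenced by no branch:
  # this stands in for a commit someone pushed to their fork.
  DANGLING=$(printf 'unrelated commit from a fork\n' |
    git -C "$UPSTREAM" -c user.name=fork -c user.email=fork@example.invalid \
        commit-tree "$(git -C "$UPSTREAM" write-tree)")
  # GitHub serves any object in the fork network by SHA; emulate that.
  git -C "$UPSTREAM" config uploadpack.allowAnySHA1InWant true
  git clone -q --no-local "$UPSTREAM" "$CLONE"
}

setup_demo
BEFORE_FETCH=$(present_in_clone "$DANGLING")   # no: a clone never gets it
git -C "$CLONE" fetch -q origin "$DANGLING"    # but fetching by SHA works
AFTER_FETCH=$(present_in_clone "$DANGLING")    # yes
for sha in "$LEGIT" "$DANGLING"; do
  if commit_on_a_ref "$CLONE" "$sha"; then echo "$sha: on a branch here"
  else echo "$sha: fetchable, but belongs to no branch of this repository"
  fi
done
```

The second line of output is the local equivalent of GitHub's "does not belong to any branch" notice; a dependency pinned to such a SHA builds fine yet was never reviewed on any branch of the project.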
I don’t understand exactly how it could be possible, but it seems frightening.
And has GitHub ever been used for attacks? One could create an account, fork a project, put malicious code in it. Some damage could occur before it’s detected… It’s strange, I have been using GitHub for ten years, but never thought about that, probably because I used it essentially with my own projects.
Wow! Happily there is a warning: “This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.”
But it is stored in your fork? So if someone git clones from my repo, he cannot obtain that commit?
Anyway, that’s a very strange and frightening thing.
It seems I should… How to do that? In the GitHub settings? Or git settings?
This Standard documents avoidance mechanisms for the programming language Fortran so that application developers considering Fortran or using Fortran will be better able to avoid the programming constructs that lead to vulnerabilities in software written in the Fortran language and their attendant consequences.
Although it is a 50-page document, the good news is that the vulnerabilities described in the draft refer to the possibility of getting incorrect results, due, for example, to failing to understand floating-point arithmetic, or leaving source code past character 72 in fixed-form source. They are not security issues that might allow a user of a Fortran binary to execute arbitrary code.