
The private key isn’t a key in the “API KEY” sense; it’s a key in the “public/private key pair” sense. It’s not sent to GitHub and there’s no way for them to know if the signing of the token used to make the call happened in a secure manner or not, because GitHub doesn’t receive the key as part of the request at all.
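
The point above as an added example (not part of the comment, and not GitHub's code), assuming the token is an RS256-signed JWT; all claim values and function names are constructed. The verifier works from the public key alone, and a key object and a copied PEM of the same key produce byte-identical tokens, so nothing in the request shows how the key was stored.

```javascript
// Added illustration. Claim values and function names are constructed.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Client side: the private key is used here and never leaves this function.
function signToken(privateKey, claims) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Server side: holds only the registered public key.
function verifyToken(publicKey, token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    const alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg;
    if (alg !== 'RS256') return null; // pin the algorithm, never trust the header's choice
    const ok = crypto.verify('sha256', Buffer.from(`${header}.${payload}`), publicKey,
      Buffer.from(sig, 'base64url'));
    return ok ? JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')) : null;
  } catch {
    return null;
  }
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const claims = { iss: 'example-app-id', iat: 1700000000, exp: 1700000600 }; // constructed
  // Same key in two places: a key object, and a PEM copy as it might sit in a script or CI variable.
  const copiedPem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const tokenA = signToken(privateKey, claims);
  const tokenB = signToken(copiedPem, claims);
  // A payload swapped in after signing no longer matches the signature.
  const [h, , s] = tokenA.split('.');
  const forged = `${h}.${b64url(JSON.stringify({ ...claims, iss: 'someone-else' }))}.${s}`;
  return {
    tokenA,
    identical: tokenA === tokenB, // RS256 (PKCS#1 v1.5) is deterministic
    verified: verifyToken(publicKey, tokenB),
    forged: verifyToken(publicKey, forged),
  };
}

console.log(demo());
```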

