> True, but it is better than the secrets becoming entirely public, automated bots could be harvesting them and exploiting the resources they protect.

True. And some popular repos do already run into this problem. So it’s not a theoretical problem.

> I would be surprised to here that GitHub doesn't actually run git on their servers.

They’ve documented about how their backend works so there’s no need to speculate. They run an implementation of git but not the standard git CLI.

> If they receive git pushes using git, then own git hooks are involved, ones that GitHub has written for their own purposes. They could simply add one to block bad pushes.

They have their automation, GitHub Actions.

Sure they “could” also implement what you’ve described but it’s not how it currently works. So a pointless argument since we could be here all year discussing the literal infinity of different things Github “could” do in theory but that their infrastructure doesn’t currently support.

> That sounds a bit terrifying to me, but I'm not of the GitHub generation.

What I posted has literally nothing to do with GitHub. In fact if your origin is private git server (as I started out using git, since GitHub didn’t exist back then) then it’s even easier to designate a trusted origin. This approach makes total sense for businesses. Doesn’t work so well for open source but it’s just one option of many.

> That sounds like it would enable phishing-like attacks and people just clicking "yeah sure" without verifying the safety of the hook.

Potentially yes. But if you’re cloning a git repo, making code changes and then committing it back, you’d hope that individual is competent enough to audit the git hook. At the very least, they’ll be running the build scripts locally to unit test their changes, so it’s not like that phishing attack isn’t already present. Feels very much like you’re looking for reasons to dismiss any suggestions here rather than have an intelligent discussion.