GitHub and GitLab expose all users' public SSH keys (2019)
Pretty unsafe, I think. And you can't turn it off. https://rushter.com/blog/public-ssh-keys/
Links to APIs:
https://docs.github.com/en/rest/reference/users#list-public-keys-for-a-user
https://docs.gitlab.com/ee/api/users.html#list-ssh-keys-for-user

By definition, the public key is _public_; there's no real risk in publishing them. The article (2 years old) explains you could get someone's public keys from GitHub and then compare them with other public keys (they mention on SSH servers) to see if a person is using the same key elsewhere. The argument boils down to the fact that SSH will also give you a list of valid public keys. It doesn't seem very critical to me, and anyone who is worried could just use a different key for GitHub, which is good practice anyway imo.

Public key, by definition, is public. Exposing something that’s public can do very little harm. Here is more discussion: https://security.stackexchange.com/questions/150540/is-it-co...
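The "use a different key for GitHub" advice in the thread can be checked from the key owner's side. The following is an added example, not part of the original posts: it fingerprints the keys published for your own account and the keys in a server's `authorized_keys`, then reports any overlap. The key lines are constructed sample data, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct


def make_ed25519_line(seed: bytes, comment: str) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    def field(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b  # SSH wire format: length-prefixed string
    blob = field(b"ssh-ed25519") + field(hashlib.sha256(seed).digest())
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    fields = key_line.split()
    # Assumption: any authorized_keys options prefix (e.g. from="...") contains
    # no token that itself starts with a key-type name.
    idx = next(i for i, f in enumerate(fields)
               if f.startswith(("ssh-", "ecdsa-", "sk-")))
    blob = base64.b64decode(fields[idx + 1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def reused_keys(published: str, authorized_keys: str) -> list:
    """Fingerprints that appear both in the published list and in authorized_keys."""
    def parse(text: str) -> set:
        return {fingerprint(line) for line in text.splitlines()
                if line.strip() and not line.lstrip().startswith("#")}
    return sorted(parse(published) & parse(authorized_keys))


# Constructed sample data: one key uploaded to the forge, one server-only key.
FORGE_KEY = make_ed25519_line(b"forge-key", "laptop")
SERVER_ONLY_KEY = make_ed25519_line(b"server-key", "ops")

PUBLISHED = FORGE_KEY + "\n"
AUTHORIZED_KEYS = (
    "# constructed authorized_keys sample\n"
    f'from="192.0.2.10" {FORGE_KEY.rsplit(" ", 1)[0]} reused-on-server\n'
    f"{SERVER_ONLY_KEY}\n"
)

if __name__ == "__main__":
    for fp in reused_keys(PUBLISHED, AUTHORIZED_KEYS):
        print("key published on the forge is also authorized here:", fp)
```

Any fingerprint it reports is a key that links the server to the account; replacing it on one side with a dedicated key removes the link.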