> This time, the reason was – as usual – plain old human error. Someone published GitHub's private RSA keys in a repository on GitHub itself.
Not human error. This is a systemic error which should not be possible in system which considers security at all. Nobody that incompetent should have access to those keys.
Not publishing private keys is security 101. Fuck, it's security 1.
This is a major fuck up revealing shockingly* bad internal operations and it should be a cause of concern for anyone relying on github (or, surprise!, anything else made by its owner). It's not a minor whoopsie.
[*] OK so it's not a shock, but still...