It is thinking like this that leads companies from being awesome. I've known a couple people in real life that this has happened to. It is stupid and wasteful.
It's not an obligation, but neither is running a free git repository :) It would be a nice help though. One that can save some people $2k - not many software features have this kind of immediate impact :)
Nobody said it was their responsibility. If adding an optional feature that prevents you from shooting yourself in the foot makes people like github more, maybe it's worth it to them. "Responsibility" has nothing to do with it.
> Maybe you should rethink your policy either way.
Do you have articles discussing the cons of AWS keys in private repos?
We deploy our systems on vanilla EC2 instances, which are configured by using a server orchestration system (Ansible). So for any env variables to get set, we'd have to put them in config scripts, which are currently checked into github.
To make it clear, we only check in our IAM keys that are AWS service specific, like SES.