Me: Let's back up the NixOS configs of our remote clients through SFTPGo on our file server by using a shuttle method via the after_download hook so the real filesystem is rarely ever touched.

My collegues: Just dump it all into a private Github repo.

Have I lost my sanity or are my standards too high? But last I checked, Microsoft scanned basically all the repos for everything. As far as I know, this is technically handing over sensitive customer data (and two of them are banks) to a third party. And to Microsoft in 300% AI craze, no less.