The only security incident I've had in my career was due to Git Butler - it committed temporary files into GitHub without me explicitly approving it! Of course, it was a private repository, but still, it became impossible to delete those secrets because there were plenty of commits afterward. Given the large file tree and many updated files in the commit, it wasn't apparent that those folders got sneaked into the commit.

So, I really hope security incidents don't come after Git!

Just a reminder that even if you managed to amend those commits and force-push, the commits would still exist and will be addressable given the hash is known.

Couldn’t you expire the reflog entry and prune the db to remove it entirely?

Can't they be purged if they are dangling and the housekeeping is run?
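As an added example (not posted by anyone in the thread), the following script reproduces the point under discussion in a throwaway local repository: after `commit --amend`, the original commit is still readable by its hash, and it disappears only once its reflog entries are expired and `git gc --prune=now` runs. It assumes `git` and `mktemp` are installed; the secret value and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): shows that a commit amended away is still
# readable by hash from the local object store until reflog expiry and gc prune it.
set -e

# Build a throwaway repo whose first commit accidentally includes a secret file.
make_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.email "dev@example.invalid"
  git -C "$dir" config user.name "dev"
  printf 'token=PLACEHOLDER_NOT_A_REAL_SECRET\n' > "$dir/.env"  # constructed sample
  printf 'print("hello")\n' > "$dir/app.py"
  git -C "$dir" add .
  git -C "$dir" commit -q -m "add app (and, by accident, .env)"
  echo "$dir"
}

# Drop .env from the tip via amend; print the hash of the ORIGINAL commit.
amend_away_secret() {
  old=$(git -C "$1" rev-parse HEAD)
  git -C "$1" rm -q --cached .env
  git -C "$1" commit -q --amend -m "add app"
  echo "$old"
}

# Print 1 if the commit object can still be read by hash, 0 otherwise.
commit_exists() {
  if git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null; then echo 1; else echo 0; fi
}

# Expire every reflog entry immediately, then prune all unreachable objects.
purge_unreachable() {
  git -C "$1" reflog expire --expire=now --expire-unreachable=now --all
  git -C "$1" gc -q --prune=now
}

# Run the sequence; prints "<before>-<after>", expected "1-0": the old commit
# survived the amend (as it would survive a force-push) and vanished only after purging.
demo() {
  dir=$(make_repo)
  old=$(amend_away_secret "$dir")
  before=$(commit_exists "$dir" "$old")
  purge_unreachable "$dir"
  after=$(commit_exists "$dir" "$old")
  rm -rf "$dir"
  echo "$before-$after"
}
```

This only cleans the local repository: the remote that received the force-push, and any clone or fork, keeps its own copy of the old commit until that side runs its own housekeeping, so a pushed secret should be treated as exposed and rotated.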