Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [theia-dev] Committer action needed: Travis-CI secrets leak
Thank you Thomas for the clarification!

On Wed, Sep 29, 2021 at 10:30 AM Thomas Mäder <tmader@xxxxxxxxxx> wrote:
Hi Artem,


------ Original Message ------
From: "Artem Zatsarynnyi" <azatsary@xxxxxxxxxx>
To: "Thomas Mäder" <tmader@xxxxxxxxxx>; "theia developer discussions" <theia-dev@xxxxxxxxxxx>
Sent: 28/09/2021 17:07:55
Subject: Re: [theia-dev] Committer action needed: Travis-CI secrets leak

Hello,

Thomas, during today's community call you've asked if Roman and I sent an answer via the google form.
We're curious is there any reason why our accounts (among all the others) caught your attention?
No particular reason except that I know you both are committers and you were in the call: I was wondering if my email was getting stuck in people's spam folders or unclear.



Also, could you please share how these answers are going to help with checking that no one
has used leaked credentials to inject malicious code into Theia-related Github repositories?
Or is it for a different purpose?
It does not help us check now, but if credentials were leaked, we need to make them invalid in order to prevent people from injecting stuff into Github repos in the future. A committer may have put a personal Github token into an environment variable on Travis for an unrelated repository. But that access token might still give write access to a Theia-related repo. So we're asking committers to replace their tokens if they might have leaked. 

/Thomas




--

Artem Zatsarynnyi

Red Hat

Back to the top