Temporarily disabled releases for DCD, D-Scanner, dfmt
WebFreak001
d.forum at webfreak.org
Wed May 5 15:13:17 UTC 2021
On Wednesday, 5 May 2021 at 12:39:47 UTC, Basile B. wrote:
> On Wednesday, 5 May 2021 at 12:26:52 UTC, WebFreak001 wrote:
>> [...]
>
> No this kind of stuff (CI, devop,...) were always managed by
> Seb. Eventually maybe the owner of the tokens would be
> HackerPilot ?
oh right sorry, thought that was the case because they broke
roughly around that time.
>> [...]
>
> BTW for the other folks who maybe are not sure what to do: the
> big problem was when your CI exposed secrets. If you dont
> expose secrets, like personnal access tokens, you migh have
> received an alarmous mail, like the one mentioned, but it does
> not mean that there's a problem.
>
> The reason why you might got the email is that at the account
> level (personnal or organization)
>
> 1. you have defined one token.
> 2. one of the repo registered under this ID uses CodeCov.
> 3. by security they sent the mail.
>
> And even if you have exposed the secret, it does not mean that
> it had a **Write Access**.
I think it was compromised because they sent me a mail that it
had been used in "suspicious requests" along with information of
the IPs that made the requests.
More information about the Digitalmars-d
mailing list