Temporarily disabled releases for DCD, D-Scanner, dfmt

Basile B. b2.temp at gmx.com
Wed May 5 15:27:17 UTC 2021


On Wednesday, 5 May 2021 at 15:13:17 UTC, WebFreak001 wrote:
> On Wednesday, 5 May 2021 at 12:39:47 UTC, Basile B. wrote:
>> On Wednesday, 5 May 2021 at 12:26:52 UTC, WebFreak001 wrote:
>>> [...]
>>
>> No, this kind of stuff (CI, devops, ...) was always managed by 
>> Seb. Eventually maybe the owner of the tokens would be 
>> HackerPilot ?
>
> oh right sorry, thought that was the case because they broke 
> roughly around that time.
>
>>> [...]
>>
>> BTW for the other folks who maybe are not sure what to do: the 
>> big problem was when your CI exposed secrets. If you don't 
>> expose secrets, like personal access tokens, you might have 
>> received an alarming mail, like the one mentioned, but it does 
>> not mean that there's a problem.
>>
>> The reason why you might have got the email is that at the account 
>> level (personal or organization)
>>
>> 1. you have defined one token.
>> 2. one of the repos registered under this ID uses CodeCov.
>> 3. by security they sent the mail.
>>
>> And even if you have exposed the secret, it does not mean that 
>> it had a **Write Access**.
>
> I think it was compromised because they sent me a mail that it 
> had been used in "suspicious requests" along with information 
> of the IPs that made the requests.

I did not get this one for my GitLab stuff. I got the first one 
like everyone. A second a few days ago, saying "you're 
compromised", but there were no details like an IP.

Anyway, you should try to push a tag in one of the repos with the 
new token. There are chances that this will not work, as those 
you deleted did not either, as it did not way before the codecov 
security event.

