[SAC] [GitHub] SSH private deploy key found in commit

Jody Garnett jody.garnett at gmail.com
Tue Feb 12 09:38:18 PST 2019 

This continues to happen - suggestions?

On Tue, Jan 29, 2019 at 9:29 AM Alex M <tech_dev at wildintellect.com> wrote:

> There's a ticket in osgeo4mac on the topic, I commented on it there.
> https://github.com/OSGeo/homebrew-osgeo4mac/issues/642
>
> I think all OSGeo org Github admins got the email.
>
> Thanks,
> Alex
>
> On 1/29/19 07:22, Even Rouault wrote:
> > Hi,
> >
> > I also received this notice and forwarded it to Denis Rouzaud (CC'ed)
> who has
> > coordinated/been involved in OSGeo4Mac efforts
> >
> > Even
> >
> >> It’s always a mistake to publish a private key. No matter who’s it is.
> >>
> >> Michael Smith
> >>
> >>> On Jan 29, 2019, at 7:08 AM, Jody Garnett <jody.garnett at gmail.com>
> wrote:
> >>>
> >>> The following is of concern, I do not participate in osgeo4mac.
> >>>
> >>> Possibilities:
> >>> - Is one of our three certificates purchased for signing? If we run
> out we
> >>> will need to purchase more. - Is this a member of osgeo4mac making a
> >>> mistake? And I am getting the email as an administrator of OSGeo
> GitHub?
> >>>
> >>> Do we have a contact point for the project?
> >>>
> >>> ---------- Forwarded message ---------
> >>> From: GitHub <support at github.com>
> >>> Date: Mon, Jan 28, 2019 at 10:02 PM
> >>> Subject: [GitHub] SSH private deploy key found in commit
> >>> To:
> >>>
> >>>
> >>> We noticed that a valid SSH private key of yours was committed to a
> public
> >>> GitHub repository. This key is configured as a deploy key for the
> >>> OSGeo/homebrew-osgeo4mac repository. Publicly disclosing a valid SSH
> >>> private key would allow other people to interact with this repository,
> >>> potentially altering data.
> >>>
> >>> As a precautionary measure, we have unverified the SSH key. You should
> >>> should generate a new SSH key and add it to the repository. We
> recommend
> >>> you review you security log to ensure that no malicious activity has
> >>> occurred:
> >>>
> https://help.github.com/articles/reviewing-the-audit-log-for-your-organiz
> >>> ation/
> >>>
> >>> The commit in question is at
> >>>
> https://github.com/OSGeo/homebrew-osgeo4mac/blob/0064004044149ba3663d6e97
> >>> cf6764131bef034a/deploy_key
> >>>
> >>> Please feel free to contact us at https://github.com/contact if you
> have
> >>> any questions or concerns.
> >>>
> >>> Thanks,
> >>> GitHub.com
> >
> >
>
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/sac

-- 
--
Jody Garnett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20190212/92c770c5/attachment.html>

More information about the Sac mailing list