[SAC] Fwd: [GitHub] SSH private deploy key found in commit
Jody Garnett
jody.garnett at gmail.com
Tue Jan 29 06:08:50 PST 2019
The following is of concern, I do not participate in osgeo4mac.
Possibilities:
- Is one of our three certificates purchased for signing? If we run out we
will need to purchase more.
- Is this a member of osgeo4mac making a mistake? And I am getting the
email as an administrator of OSGeo GitHub?
Do we have a contact point for the project?
---------- Forwarded message ---------
From: GitHub <support at github.com>
Date: Mon, Jan 28, 2019 at 10:02 PM
Subject: [GitHub] SSH private deploy key found in commit
To:
We noticed that a valid SSH private key of yours was committed to a public
GitHub repository. This key is configured as a deploy key for the
OSGeo/homebrew-osgeo4mac repository. Publicly disclosing a valid SSH
private key would allow other people to interact with this repository,
potentially altering data.
As a precautionary measure, we have unverified the SSH key. You should
should generate a new SSH key and add it to the repository. We recommend
you review you security log to ensure that no malicious activity has
occurred:
https://help.github.com/articles/reviewing-the-audit-log-for-your-organization/
The commit in question is at
https://github.com/OSGeo/homebrew-osgeo4mac/blob/0064004044149ba3663d6e97cf6764131bef034a/deploy_key
Please feel free to contact us at https://github.com/contact if you have
any questions or concerns.
Thanks,
GitHub.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20190129/b23b746c/attachment.html>
More information about the Sac
mailing list