[SAC] [GitHub] SSH private deploy key found in commit
Michael Smith
michael.smith.erdc at gmail.com
Tue Jan 29 06:13:07 PST 2019
It’s always a mistake to publish a private key. No matter who’s it is.
Michael Smith
> On Jan 29, 2019, at 7:08 AM, Jody Garnett <jody.garnett at gmail.com> wrote:
>
> The following is of concern, I do not participate in osgeo4mac.
>
> Possibilities:
> - Is one of our three certificates purchased for signing? If we run out we will need to purchase more.
> - Is this a member of osgeo4mac making a mistake? And I am getting the email as an administrator of OSGeo GitHub?
>
> Do we have a contact point for the project?
>
> ---------- Forwarded message ---------
> From: GitHub <support at github.com>
> Date: Mon, Jan 28, 2019 at 10:02 PM
> Subject: [GitHub] SSH private deploy key found in commit
> To:
>
>
> We noticed that a valid SSH private key of yours was committed to a public GitHub repository. This key is configured as a deploy key for the OSGeo/homebrew-osgeo4mac repository. Publicly disclosing a valid SSH private key would allow other people to interact with this repository, potentially altering data.
>
> As a precautionary measure, we have unverified the SSH key. You should should generate a new SSH key and add it to the repository. We recommend you review you security log to ensure that no malicious activity has occurred: https://help.github.com/articles/reviewing-the-audit-log-for-your-organization/
>
> The commit in question is at https://github.com/OSGeo/homebrew-osgeo4mac/blob/0064004044149ba3663d6e97cf6764131bef034a/deploy_key
>
> Please feel free to contact us at https://github.com/contact if you have any questions or concerns.
>
> Thanks,
> GitHub.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20190129/6859b7cd/attachment-0001.html>
More information about the Sac
mailing list