[SAC] [GitHub] SSH private deploy key found in commit

[Even Rouault]

Hi,

I also received this notice and forwarded it to Denis Rouzaud (CC'ed) who has 
coordinated/been involved in OSGeo4Mac efforts

Even

> It’s always a mistake to publish a private key. No matter who’s it is.
> 
> Michael Smith
> 
> > On Jan 29, 2019, at 7:08 AM, Jody Garnett <jody.garnett at gmail.com> wrote:
> > 
> > The following is of concern, I do not participate in osgeo4mac.
> > 
> > Possibilities:
> > - Is one of our three certificates purchased for signing? If we run out we
> > will need to purchase more. - Is this a member of osgeo4mac making a
> > mistake? And I am getting the email as an administrator of OSGeo GitHub?
> > 
> > Do we have a contact point for the project?
> > 
> > ---------- Forwarded message ---------
> > From: GitHub <support at github.com>
> > Date: Mon, Jan 28, 2019 at 10:02 PM
> > Subject: [GitHub] SSH private deploy key found in commit
> > To:
> > 
> > 
> > We noticed that a valid SSH private key of yours was committed to a public
> > GitHub repository. This key is configured as a deploy key for the
> > OSGeo/homebrew-osgeo4mac repository. Publicly disclosing a valid SSH
> > private key would allow other people to interact with this repository,
> > potentially altering data.
> > 
> > As a precautionary measure, we have unverified the SSH key. You should
> > should generate a new SSH key and add it to the repository. We recommend
> > you review you security log to ensure that no malicious activity has
> > occurred:
> > https://help.github.com/articles/reviewing-the-audit-log-for-your-organiz
> > ation/
> > 
> > The commit in question is at
> > https://github.com/OSGeo/homebrew-osgeo4mac/blob/0064004044149ba3663d6e97
> > cf6764131bef034a/deploy_key
> > 
> > Please feel free to contact us at https://github.com/contact if you have
> > any questions or concerns.
> > 
> > Thanks,
> > GitHub.com


-- 
Spatialys - Geospatial professional services
http://www.spatialys.com