[SAC] [GitHub] SSH private deploy key found in commit

Alex M tech_dev at wildintellect.com
Tue Jan 29 09:29:28 PST 2019 

There's a ticket in osgeo4mac on the topic, I commented on it there.
https://github.com/OSGeo/homebrew-osgeo4mac/issues/642

I think all OSGeo org Github admins got the email.

Thanks,
Alex

On 1/29/19 07:22, Even Rouault wrote:
> Hi,
> 
> I also received this notice and forwarded it to Denis Rouzaud (CC'ed) who has 
> coordinated/been involved in OSGeo4Mac efforts
> 
> Even
> 
>> It’s always a mistake to publish a private key. No matter who’s it is.
>>
>> Michael Smith
>>
>>> On Jan 29, 2019, at 7:08 AM, Jody Garnett <jody.garnett at gmail.com> wrote:
>>>
>>> The following is of concern, I do not participate in osgeo4mac.
>>>
>>> Possibilities:
>>> - Is one of our three certificates purchased for signing? If we run out we
>>> will need to purchase more. - Is this a member of osgeo4mac making a
>>> mistake? And I am getting the email as an administrator of OSGeo GitHub?
>>>
>>> Do we have a contact point for the project?
>>>
>>> ---------- Forwarded message ---------
>>> From: GitHub <support at github.com>
>>> Date: Mon, Jan 28, 2019 at 10:02 PM
>>> Subject: [GitHub] SSH private deploy key found in commit
>>> To:
>>>
>>>
>>> We noticed that a valid SSH private key of yours was committed to a public
>>> GitHub repository. This key is configured as a deploy key for the
>>> OSGeo/homebrew-osgeo4mac repository. Publicly disclosing a valid SSH
>>> private key would allow other people to interact with this repository,
>>> potentially altering data.
>>>
>>> As a precautionary measure, we have unverified the SSH key. You should
>>> should generate a new SSH key and add it to the repository. We recommend
>>> you review you security log to ensure that no malicious activity has
>>> occurred:
>>> https://help.github.com/articles/reviewing-the-audit-log-for-your-organiz
>>> ation/
>>>
>>> The commit in question is at
>>> https://github.com/OSGeo/homebrew-osgeo4mac/blob/0064004044149ba3663d6e97
>>> cf6764131bef034a/deploy_key
>>>
>>> Please feel free to contact us at https://github.com/contact if you have
>>> any questions or concerns.
>>>
>>> Thanks,
>>> GitHub.com
> 
>

More information about the Sac mailing list