[pytest-dev] github compromised account on organisation
nicoddemus at gmail.com
Thu Dec 8 09:23:27 EST 2022
Yes, please go ahead and contact the user.
I've posted a thread about this for the Core team in the pytest-dev
Discussions, just for reference:
On Thu, Dec 8, 2022 at 10:18 AM Floris Bruynooghe <flub at devork.be> wrote:
> Hi folks,
> GitHub recently sent an email warning of a member of the pytest-dev org
> (I'm purposefully not adding identifiable information here) likely
> having a compromised API token that may have been abused. The member in
> question only has read access to all but one plugin repository so the
> impact is limited.
> Nevertheless we should probably contact them to ask for them to make
> sure they revoke all API tokens, replace them with more limited-scope
> ones if possible and audit the plugin. If they can't do this or don't
> respond I guess we should (temporarily) restrict their access to the
> plugin as well.
> I'm happy to contact them, but also didn't do so yet just in case
> multiple folks jump on this. Probably one is enough.