[pytest-dev] github compromised account on organisation

Bruno Oliveira nicoddemus at gmail.com
Thu Dec 8 09:23:27 EST 2022


Thanks Floris.

Yes, please go ahead and contact the user.

I've posted a thread about this for the Core team in the pytest-dev
Discussions, just for reference:

https://github.com/orgs/pytest-dev/teams/core/discussions/23

Cheers,
Bruno.

On Thu, Dec 8, 2022 at 10:18 AM Floris Bruynooghe <flub at devork.be> wrote:

> Hi folks,
>
> GitHub recently sent an email warning of a member of the pytest-dev org
> (I'm purposefully not adding identifiable information here) likely
> having a compromised API token that may have been abused.  The member in
> question only has read access to all but one plugin repository so the
> impact is limited.
>
> Nevertheless we should probably contact them to ask for them to make
> sure they revoke all API tokens, replace them with more limited-scope
> ones if possible and audit the plugin.  If they can't do this or don't
> respond I guess we should (temporarily) restrict their access to the
> plugin as well.
>
> I'm happy to contact them, but also didn't do so yet just in case
> multiple folks jump on this.  Probably one is enough.
>
> Cheers,
> Floris
> _______________________________________________
> pytest-dev mailing list
> pytest-dev at python.org
> https://mail.python.org/mailman/listinfo/pytest-dev
>