+1

It is surprising this was not caught by GitHub. 

https://docs.github.com/en/code-security/secret-security/about-secret-scanning 

Thanks for raising this.


> On Mar 24, 2021, at 7:32 PM, Mukul Kumar Singh <mksingh.apa...@gmail.com> 
> wrote:
> 
> Hi,
> 
> 
> Recently, through one of the jiras (HDDS-4864), aws_secret_access_key was 
> committed into Ozone's source code. Secrets, gpg passphrases, passwords, ssh 
> private files should not be committed into Ozone source code as they leak 
> credentials into the source code.
> 
> This issue will be solved via the following steps:
> 
> a) The above commit will be removed from the Ozone commit history. We will 
> force push to the Ozone master branch with this commit removed.
> 
> b) A new commit hook/CI check will be added to prevent this from happening 
> again.
> 
> Please hold off on merging any new changes into Ozone until the commit is 
> removed from Apache commit history.
> 
> Thanks,
> 
> Mukul
> 
> 

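One way the commit hook/CI check from step (b) could look, as an added example that is not part of the original thread and not Ozone's actual check: it scans only the added lines of a unified diff for AWS credentials and private key blocks. The rule names and the 3.0-bit entropy threshold are assumptions, and the credential values in the sample are AWS's published documentation examples.

```python
import math
import re
import sys

RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws-secret-access-key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY(?: BLOCK)?-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Constructed sample; the two credential values are AWS's published documentation examples.
SAMPLE_DIFF = """\
--- a/conf/s3.properties
+++ b/conf/s3.properties
@@ -3,1 +3,3 @@
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 endpoint = http://localhost:9878
@@ -10,0 +13,1 @@
""" + "+aws_secret_access_key = " + "x" * 40 + "\n"

def entropy(s):  # Shannon entropy in bits per character
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each added line that looks like a secret."""
    findings, path, line_no, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:        # between hunks: headers only
            if line.startswith("+++ "):
                path = line[4:].removeprefix("b/")
            elif (m := HUNK.match(line)):
                old_left, line_no, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
        elif line.startswith("+"):
            for rule, rx in RULES.items():
                hit = rx.search(line[1:])
                # Rules with a capture group also need a high-entropy value (skips placeholders).
                if hit and (not hit.groups() or entropy(hit[1]) >= 3.0):
                    findings.append((path, line_no, rule))
            line_no, new_left = line_no + 1, new_left - 1
        elif line.startswith("-"):
            old_left -= 1
        elif not line.startswith("\\"):            # context line
            line_no, old_left, new_left = line_no + 1, old_left - 1, new_left - 1
    return findings

if __name__ == "__main__":                 # usage: git diff --cached | python3 <this file>
    found = scan_diff(sys.stdin.read())
    sys.exit("\n".join(f"{p}:{n}: possible secret ({r})" for p, n, r in found) or 0)
```

A non-zero exit status blocks the commit when this runs as a pre-commit hook; the same script can run in CI against the diff between the pull request branch and master.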