I agree with Marton. +1 for Marton's proposal. - Vivek Subramanian
On Wed, Mar 24, 2021 at 11:32 PM Elek, Marton <e...@apache.org> wrote: > > > > -1 > > > 1. If you are interested about the opinion of all the other > contributors, please start a discussion which is inclusive for all the > timezones and wait at least one day. > > 2. Force push is a very intrusive way, it causes new problems and it > doesn't solve the original problem itself. If any real secret is leaked, > it's already unsafe to use, independent if you remove it from the > history or not. > > There are bots which scans new commits and there are archives of the > github events (like https://www.gharchive.org/). Removing the commit > doesn't solve the problem as the secret is already leaked. > > It's not safe to use that secret any more whether you force push or not. > > 3. The right approach IMHO is revoking and invalidating the secret > itself and simply revert the commit. > > 4. Force-pushing invalidates all of our commit ids which are part of > our development history: the pull requests. All the merge links on the > reworked PRs no points to invalid commits which are not part of the master. > > 5. Force push is useless as you should force-push to all the forks > which includes the commit (impossible). > > 6. Force-push would be required not only to the master but to all the > existing feature-branch too (which would invalidate existing commits, > there, too.) (For example see git log origin/HDDS-2823 --grep=HDDS-4864) > > But it also requires to rewrite all the branches one (to rewrite the > merge commits only once) > > 7. Force-push is not safe, it's very easy to make a mistake by any > other developers. Push the old branches from local to any other branches > or forks where the secrets will remain be exposed. > > My proposal is: > > 1. Restore the master to the previous state. > 2. Invalidate/revoke the leaked secret ASAP > 3. Revert the problematic commit and recommit it without the problems > 4. (IN the future) do discussions which includes all the time-zones. > > Thanks, > Marton > > > > On 3/25/21 3:32 AM, Mukul Kumar Singh wrote: > > Hi, > > > > > > Recently, through one of the jiras(HDDS-4864), aws_secret_access_key was > > committed into Ozone's source code. Secrets, gpg passphrases, passwords, > > ssh private files should not be committed into Ozone source code as they > > leak credentials into the source code. > > > > This issue will be solved via the following steps > > > > a) The above commit will be removed from the Ozone commit history. We > > will force push to the Ozone master branch with this commit removed. > > > > b) A new commit hook/ CI check will be added to prevent this from > > hapennening again. > > > > Please hold off on merging any new changes into Ozone until the commit > > is removed from Apache commit history. > > > > Thanks, > > > > Mukul > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@ozone.apache.org > > For additional commands, e-mail: dev-h...@ozone.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@ozone.apache.org > For additional commands, e-mail: dev-h...@ozone.apache.org > > -- Regards, Vivek Subramanian
