sbp opened a new issue, #828: URL: https://github.com/apache/tooling-trusted-releases/issues/828
Derived from #732. Our solution to revoke JWTs in an emergency is to expire _all_ JWTs. We expect to use this seldom. The same solution cannot, however, be used for expiring JWTs associated with a revoked PAT. I would just consider them separate credentials, unless the PAT itself is being revoked because it was leaked. In that case, that is an emergency and all JWTs can be revoked. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
