Thanks Floris. Yes, please go ahead and contact the user.
I've posted a thread about this for the Core team in the pytest-dev Discussions, just for reference:

https://github.com/orgs/pytest-dev/teams/core/discussions/23

Cheers,
Bruno.

On Thu, Dec 8, 2022 at 10:18 AM Floris Bruynooghe <f...@devork.be> wrote:

> Hi folks,
>
> GitHub recently sent an email warning of a member of the pytest-dev org
> (I'm purposefully not adding identifiable information here) likely
> having a compromised API token that may have been abused. The member in
> question only has read access to all but one plugin repository so the
> impact is limited.
>
> Nevertheless we should probably contact them to ask for them to make
> sure they revoke all API tokens, replace them with more limited-scope
> ones if possible and audit the plugin. If they can't do this or don't
> respond I guess we should (temporarily) restrict their access to the
> plugin as well.
>
> I'm happy to contact them, but also didn't do so yet just in case
> multiple folks jump on this. Probably one is enough.
>
> Cheers,
> Floris
> _______________________________________________
> pytest-dev mailing list
> pytest-dev@python.org
> https://mail.python.org/mailman/listinfo/pytest-dev