stop syncing and delete labs/private repo from github
Closed, Resolved · Public

Description

The labs/private git repo is known and NOT private. It contains fake secrets.

We also sync it from Gerrit to Github and then every once in a while we get messages from users who find this and assume it's an accidental leak. Then they contact us like they are reporting a security issue.

Similar with automatic scans and warnings such as this:

"GitGuardian has detected the following OpenSSH Private Key exposed within your GitHub account."

This just makes me think we should stop having that repo on github. We should use Gerrit and/or Gitlab and that should be enough for it and it stops the false alerts.

Event Timeline

thcipriani subscribed.

Despite the name, the contents of this repo are publicly visible!

I'm inclined to not worry too much about this.

demon changed the task status from Declined to Resolved. May 24 2023, 5:07 PM
demon subscribed.

Easy fix is to just set the repo to private on Github (just done). Then nobody will see it and send us warnings, and Gerrit replication doesn't need any special-casing to skip it.