Roy, I will quote from https://www.mediawiki.org/wiki/Reporting_security_bugs "We support responsible disclosure <https://en.wikipedia.org/wiki/responsible_disclosure> and we hope that anyone who finds a potential security issue in our ecosystem acts with discretion and forbearance" Thank you.
For everyone else, yes protecting the secrets that you place in your tools account is a good idea. On Wed, Jan 29, 2020 at 7:53 PM Roy Smith <r...@panix.com> wrote: > I was poking around in /data/project/ just now, looking for examples of > how other tools set up their django apps. I was surprised (well, only a > little) to discover that there's a few world-readable app.py files that > have their django_secrets embedded in them. > > That's not a good idea folks. Secrets should not be stored anyplace > that's world-readable. > > > _______________________________________________ > Wikimedia Cloud Services mailing list > Cloud@lists.wikimedia.org (formerly lab...@lists.wikimedia.org) > https://lists.wikimedia.org/mailman/listinfo/cloud -- Nick "Quiddity" Wilson (he/him) Community Engagement - Documentation Wikimedia Foundation
_______________________________________________ Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly lab...@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
