-1
1. If you are interested in the opinion of all the other
contributors, please start a discussion which is inclusive for all the
timezones and wait at least one day.
2. Force push is a very intrusive way; it causes new problems and it
doesn't solve the original problem itself. If any real secret is leaked,
it's already unsafe to use, independent of whether you remove it from the
history or not.
There are bots which scan new commits and there are archives of the
GitHub events (like https://www.gharchive.org/). Removing the commit
doesn't solve the problem as the secret is already leaked.
It's not safe to use that secret any more whether you force push or not.
3. The right approach IMHO is revoking and invalidating the secret
itself and simply reverting the commit.
4. Force-pushing invalidates all of our commit ids which are part of
our development history: the pull requests. All the merge links on the
reworked PRs now point to invalid commits which are not part of the master.
5. Force push is useless as you should force-push to all the forks
which include the commit (impossible).
6. Force-push would be required not only on the master but on all the
existing feature branches too (which would invalidate existing commits
there, too). (For example see git log origin/HDDS-2823 --grep=HDDS-4864)
But it also requires rewriting all the branches at once (to rewrite the
merge commits only once).
7. Force-push is not safe; it's very easy for any other developer to
make a mistake: pushing the old branches from local to any other branches
or forks, where the secrets will remain exposed.
My proposal is:
1. Restore the master to the previous state.
2. Invalidate/revoke the leaked secret ASAP
3. Revert the problematic commit and recommit it without the problems
4. (In the future) hold discussions which include all the time zones.
Thanks,
Marton
On 3/25/21 3:32 AM, Mukul Kumar Singh wrote:
Hi,
Recently, through one of the jiras (HDDS-4864), aws_secret_access_key was
committed into Ozone's source code. Secrets, gpg passphrases, passwords,
ssh private files should not be committed into Ozone source code as they
leak credentials into the source code.
This issue will be solved via the following steps:
a) The above commit will be removed from the Ozone commit history. We
will force push to the Ozone master branch with this commit removed.
b) A new commit hook / CI check will be added to prevent this from
happening again.
Please hold off on merging any new changes into Ozone until the commit
is removed from Apache commit history.
Thanks,
Mukul
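As an added illustration of step (b) in Mukul's message, and not the Ozone project's own hook: a Python pre-commit / CI check that scans only the lines a staged diff adds for AWS key material, so a commit like the one in HDDS-4864 is rejected before it reaches the shared history. The sample diff is constructed and uses the AWS documentation example credentials; the `staged_diff` helper and the regex patterns are assumptions of this example.

```python
"""Pre-commit / CI check: refuse staged diffs that add AWS credentials.
Added example, not the Ozone project's own hook."""
import re
import subprocess
import sys

# AWS access key IDs are 20 characters starting with AKIA (or ASIA for temporary keys).
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# An assignment of aws_secret_access_key to a 40-character base64-like value.
SECRET_KEY_RE = re.compile(
    r"aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)

# Constructed sample diff; the values are the AWS documentation example credentials.
SAMPLE_DIFF = """\
diff --git a/conf/s3.properties b/conf/s3.properties
+++ b/conf/s3.properties
@@ -1,0 +1,3 @@
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-old_setting = 1
+harmless = true
"""


def added_lines(diff_text):
    """Yield (line number within the diff, content) for lines a unified diff adds."""
    for no, line in enumerate(diff_text.splitlines(), 1):
        if line.startswith("+") and not line.startswith("+++"):
            yield no, line[1:]


def find_aws_credentials(diff_text):
    """Return [(diff_line_no, kind)] for every added line that carries a credential."""
    hits = []
    for no, content in added_lines(diff_text):
        if ACCESS_KEY_RE.search(content):
            hits.append((no, "aws_access_key_id"))
        if SECRET_KEY_RE.search(content):
            hits.append((no, "aws_secret_access_key"))
    return hits


def staged_diff():
    """Diff of what `git commit` is about to record (hypothetical hook entry point)."""
    return subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    findings = find_aws_credentials(staged_diff())
    for no, kind in findings:
        print(f"diff line {no}: looks like an {kind}; revoke it and remove it before committing")
    sys.exit(1 if findings else 0)
```

Installed as `.git/hooks/pre-commit` (or run against the PR diff in CI) it blocks the commit locally; a match that has already been pushed should be handled as Marton describes, by revoking the key and reverting, not by rewriting history.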
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ozone.apache.org
For additional commands, e-mail: dev-h...@ozone.apache.org