Aftercare for Users of Versions with Potentially Exposed Secrets #2477
Could GitHub not just do a site-wide scan of all the affected tokens printed in logs, and use the secret scanning revocation infra to mark them as leaked?

Hi @ryo-kagawa Thank you for your thoughtful proposal and for raising an important point about addressing potential exposure of secrets. I completely understand your concern and the intent to proactively notify users about potential risks. However, modifying existing tags and appending build metadata can create significant challenges. These changes would break workflows that rely on immutable tags, violate Git best practices, and introduce unnecessary complexity that could confuse users. Such actions might unintentionally disrupt processes for many users, which is something we want to avoid.

Instead, we’ve chosen a more stable and user-friendly approach. We are addressing the issue through clear communication in release notes, repository advisories, and other channels. This ensures users are informed about the need to rotate secrets without disrupting their workflows or introducing changes that could lead to misunderstandings.

I truly appreciate the care and thoughtfulness behind your suggestion, and I hope this explanation provides clarity on why we’ve taken this approach. Thank you again for raising this, and we consider the matter resolved. If you have any further concerns or ideas, I’m happy to discuss them.

It's fine to break the workflows I'd say in this case.
I propose this suggestion while acknowledging that it may be considered a non-recommended flow.
I understand that rejection of this proposal is a natural possibility.
Necessity for Aftercare
Here's the detailed proposal
This will at least let you know that secrets need to be rotated if the user is using a problematic version at the time of the action.