Hi folks,

GitHub recently sent an email warning of a member of the pytest-dev org (I'm purposefully not adding identifiable information here) likely having a compromised API token that may have been abused. The member in question only has read access to all but one plugin repository, so the impact is limited.
Nevertheless, we should probably contact them to ask them to make sure they revoke all API tokens, replace them with more limited-scope ones if possible, and audit the plugin. If they can't do this or don't respond, I guess we should (temporarily) restrict their access to the plugin as well. I'm happy to contact them, but also didn't do so yet just in case multiple folks jump on this. Probably one is enough.

Cheers,
Floris

_______________________________________________
pytest-dev mailing list
pytest-dev@python.org
https://mail.python.org/mailman/listinfo/pytest-dev