[
https://issues.apache.org/jira/browse/HADOOP-15069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266708#comment-16266708
]
Steve Loughran commented on HADOOP-15069:
-----------------------------------------
No, only those lines were autogenerated. The rest were built by trial and
error: running the script and seeing what failed. The regexp and those strings
are enough to keep the current source code and any new commits happy. The
regexp didn't work for old repos, so I tried to insert the explicit strings,
but eventually gave up.
The key thing is with this file, if the user installs the git secrets hook &
registers the AWS secrets, then they are kept out of source.
> support git-secrets commit hook to keep AWS secrets out of git
> --------------------------------------------------------------
>
> Key: HADOOP-15069
> URL: https://issues.apache.org/jira/browse/HADOOP-15069
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: build
> Affects Versions: 3.0.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Minor
> Attachments: HADOOP-15069-001.patch, HADOOP-15069-002.patch
>
>
> The latest Uber breach looks like it involved AWS keys in git repos.
> Nobody wants that, which is why Amazon provide
> [git-secrets|https://github.com/awslabs/git-secrets]; a script you can use to
> scan a repo and its history, *and* add as an automated check.
> Anyone can set this up, but there are a few false positives in the scan,
> mostly from longs and a few all-upper-case constants. These can all be added
> to a .gitignore file.
> Also: mention git-secrets in the aws testing docs; say "use it"
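The scan-plus-allow-list behaviour discussed in this message, as an added example that is not part of the original post, the HADOOP-15069 patch, or git-secrets' own code. It is a simplified line-level model: the prohibited pattern, the allowed-pattern text and the sample source lines are all constructed assumptions.

```python
import re

# Assumed prohibited pattern: an access-key-ID shape, i.e. a 4-letter prefix
# followed by 16 upper-case letters or digits. It is deliberately unanchored,
# so any all-upper-case value of that shape is flagged too.
PROHIBITED = [re.compile(r"(?:AKIA|AIDA|ASIA)[A-Z0-9]{16}")]

# Constructed sample source: line 1 is a harmless upper-case constant,
# line 2 is a (fake) credential committed to a config file.
SAMPLE = "\n".join([
    'static final String CHECKSUM_TAG = "AIDAQWERTYUIOPASDFGH";',
    "fs.s3a.access.key=AKIACONSTRUCTED00000",
])

# Constructed allow-list text: one regex per line, '#' starts a comment.
ALLOWED_TEXT = """
# known false positive: test constant, not a credential
CHECKSUM_TAG = "AIDA[A-Z]{16}"
"""


def load_allowed(text):
    """Compile one regex per non-blank, non-comment line."""
    lines = (line.strip() for line in text.splitlines())
    return [re.compile(l) for l in lines if l and not l.startswith("#")]


def scan(source, allowed):
    """Return (line_number, match) for each prohibited match on a line
    that no allowed pattern matches."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if any(a.search(line) for a in allowed):
            continue  # the whole line is exempted by an allowed pattern
        for pattern in PROHIBITED:
            findings.extend((number, m.group(0)) for m in pattern.finditer(line))
    return findings


if __name__ == "__main__":
    print("no allow-list:  ", scan(SAMPLE, []))
    print("with allow-list:", scan(SAMPLE, load_allowed(ALLOWED_TEXT)))
```

Keeping each allowed pattern as narrow as the false positive it covers matters: a broad entry such as `AIDA.*` would also exempt a real key that happened to share the prefix.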