summaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
authorHarmen Stoppels <harmenstoppels@gmail.com>2020-07-17 02:27:37 +0200
committerGregory Becker <becker33@llnl.gov>2020-07-23 13:52:09 -0700
commit24dff9cf20e6a7592eb56e734f1cf4563db8a29d (patch)
treeaeab0bd23d14f1537681d955b48ffcf332431784 /.github
parente4265d31352ce6f6c23a732829c47bc768a1c79a (diff)
downloadspack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.gz
spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.bz2
spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.xz
spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.zip
Fix security issue in CI (#17545)
The `spack-build-env.txt` file may contains many secrets, but the obvious one is the private signing key in `SPACK_SIGNING_KEY`. This file is nonetheless uploaded as a build artifact to gitlab. For anyone running CI on a public version of Gitlab this is a major security problem. Even for private Gitlab instances it can be very problematic. Co-authored-by: Scott Wittenburg <scott.wittenburg@kitware.com>
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions