diff options
author | Harmen Stoppels <harmenstoppels@gmail.com> | 2020-07-17 02:27:37 +0200 |
---|---|---|
committer | Gregory Becker <becker33@llnl.gov> | 2020-07-23 13:52:09 -0700 |
commit | 24dff9cf20e6a7592eb56e734f1cf4563db8a29d (patch) | |
tree | aeab0bd23d14f1537681d955b48ffcf332431784 /.github | |
parent | e4265d31352ce6f6c23a732829c47bc768a1c79a (diff) | |
download | spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.gz spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.bz2 spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.xz spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.zip |
Fix security issue in CI (#17545)
The `spack-build-env.txt` file may contains many secrets, but the obvious one is the private signing key in `SPACK_SIGNING_KEY`. This file is nonetheless uploaded as a build artifact to gitlab. For anyone running CI on a public version of Gitlab this is a major security problem. Even for private Gitlab instances it can be very problematic.
Co-authored-by: Scott Wittenburg <scott.wittenburg@kitware.com>
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions