Fix security issue in CI (#17545) - spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.

diff options

author	Harmen Stoppels <harmenstoppels@gmail.com>	2020-07-17 02:27:37 +0200
committer	Gregory Becker <becker33@llnl.gov>	2020-07-23 13:52:09 -0700
commit	24dff9cf20e6a7592eb56e734f1cf4563db8a29d (patch)
tree	aeab0bd23d14f1537681d955b48ffcf332431784 /etc
parent	e4265d31352ce6f6c23a732829c47bc768a1c79a (diff)
download	spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.gz spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.bz2 spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.tar.xz spack-24dff9cf20e6a7592eb56e734f1cf4563db8a29d.zip

Fix security issue in CI (#17545)

The `spack-build-env.txt` file may contains many secrets, but the obvious one is the private signing key in `SPACK_SIGNING_KEY`. This file is nonetheless uploaded as a build artifact to gitlab. For anyone running CI on a public version of Gitlab this is a major security problem. Even for private Gitlab instances it can be very problematic. Co-authored-by: Scott Wittenburg <scott.wittenburg@kitware.com>

Diffstat (limited to 'etc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: