this post was submitted on 12 Jul 2024
366 points (97.4% liked)

Programmer Humor

19488 readers
1162 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

One does not commit or compile credentials

Template

Context:

This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.

you are viewing a single comment's thread
view the rest of the comments
[–] cypherpunks@lemmy.ml 9 points 3 months ago (1 children)

At my workplace, we use the string @nocommit to designate code that shouldn’t be checked in

That approach seems useful but it wouldn't have prevented the PyPI incident OP links to: the access token was temporarily entered in a .py python source file, but it was not committed to git. The leak was via .pyc compiled python files which made it into a published docker build.

[–] OhNoMoreLemmy@lemmy.ml 1 points 3 months ago (1 children)

Yeah, but a combination of this approach, and adding all compiled file types including .pyc to .gitignore would fix it.

[–] cypherpunks@lemmy.ml 5 points 3 months ago

adding all compiled file types including .pyc to .gitignore would fix it

But in this case they didn't accidentally put the token in git; the place where they forgot to put *.pyc was .dockerignore.