this post was submitted on 12 Jul 2024
366 points (97.4% liked)
Programmer Humor
19488 readers
1162 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That approach seems useful but it wouldn't have prevented the PyPI incident OP links to: the access token was temporarily entered in a
.py
python source file, but it was not committed to git. The leak was via.pyc
compiled python files which made it into a published docker build.Yeah, but a combination of this approach, and adding all compiled file types including .pyc to .gitignore would fix it.
But in this case they didn't accidentally put the token in git; the place where they forgot to put
*.pyc
was.dockerignore
.