|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A note from GitHub about your repository
- To: "Greg Ose (GitHub Staff)" <support@github.com>, cve-editorial-board-list <cve-editorial-board-list@mitre.org>, miskander@github.com, Robert Schultheis <rschultheis@github.com>
- Subject: Re: A note from GitHub about your repository
- From: Kurt Seifried <kurt@seifried.org>
- Date: Mon, 1 Oct 2018 09:48:56 -0600
- Authentication-results: spf=softfail (sender IP is 192.52.194.235) smtp.mailfrom=seifried.org; imc.mitre.org; dkim=fail (signature did not verify) header.d=seifried-org.20150623.gappssmtp.com;imc.mitre.org; dmarc=none action=none header.from=seifried.org;
- Delivery-date: Mon Oct 1 12:00:54 2018
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seifried-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=CXgxf7ltgLRzsURBC5yd1BYkCrX7KVJAG/4IaBCdK8I=; b=t3xOnAfL40dfGhh9Xuo6iyo3o3AcY/lJCWvxJVY9kLymjjIpLIpPURtQWEnqwyFQwk +ejkc5gwPZ4szRK/Lg35cIh/lUBblC45S4xe47UPBvmuET42gj9Uq4RY2GJwaAVmjbV+ kHr43dCVvhQCbn/YGnk/bKjeYSSJ9ElaRcHjMQ8zgsUJRDWdrS/UaOde+E2I6lvnQMNi TGpQYTaRpQ42Jx/jAN/4ODysjrhFUz7D6KgdUVq+/2T33avNCuovTV+0npkTxsBpBavz ITia7sP1Qr4ZxnYmbV+lenMyZJHXF2j0apJvSn454urB0RHaQaXOFt/4pVDgtjkq5dY0 f/Iw==
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.org; h=mime-version:references:in-reply-to:from:date:message-id:subject:to:content-type; s=selector1; bh=CXgxf7ltgLRzsURBC5yd1BYkCrX7KVJAG/4IaBCdK8I=; b=qH86ZfhwRFdFOLEPL60Cr7lMvCZBTRZqMxUQ55bUj63Qb2qrdecjwTNmDmBogm5ugZTMUJH93t1eXvOZxbU/uzHgTw+9iti3h/klaGd07ycqGj2hL6p0urc06570nABxdRZElX6tyyZ6jJdqLbdCcQLyH4cClKwK4v4yDL0/rGk=
- In-reply-to: <discussions/2f1b8ac0c56511e894cb05b41a397422/comments/5400971@github.com>
- References: <discussions/2f1b8ac0c56511e894cb05b41a397422/comments/5400971@github.com>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
On Mon, Oct 1, 2018 at 4:31 AM Morgan (GitHub Staff) <support@github.com> wrote:
Hello,
My name is Morgan, and I work on GitHub’s User Policy team. We received word that one of your repositories contains sensitive or personal information that you may not have intended to make public, namely: private email addresses:
Lines 6, 12, 15, 26, 27, 28, and the file name itself.
We wanted to give you a heads-up in case the information was published accidentally. If you need any help removing sensitive information that was committed by mistake, just let me know! We also have a handy guide here:
https://help.github.com/articles/remove-sensitive-data
Please note that we may suspend repositories deemed to violate our Terms of Service, including those hosting sensitive or personal data. Please let us know if you have any questions and we'd be happy to help.
Nope it was published intentionally. In order to request a CVE Identifier, the person submitting the data has to be licensed so the CVE project and others can use it, thus you need to agree to the CVE Terms of Use (https://github.com/distributedweaknessfiling/DWF-Legal-Acceptance/blob/master/Terms-Of-Use.md). I must publish these publicly so I have proof that it was accepted properly. Additionally the email addresses submitted to the form at https://iwantacve.org/ are made public in a google spreadsheet, this is made OBVIOUSLY clear in the initial form. Additionally it is made clear that CVE is a PUBLIC database and information entered into it (like the description of the vulnerability,
Furthermore CVE has a policy that when requesting a CVE you MUST use a working email address so that
1) we can contact you to get acceptance of the Terms of Use
2) CVE users can contact the original requestor for clarification/details/etc
CC'ing the CVE board as I've brought this issue up (how do we handle GDPR related issues) as this provides a good example. Also CC'ing Robert/Marko as they had asked in a previous email how github can help the DWF (a major part would be ensuring trolls don't get people booted off of github). Thanks!
Thanks,
Morgan
GitHub
Kurt Seifried
kurt@seifried.org
kurt@seifried.org
- Follow-Ups:
- Re: A note from GitHub about your repository
- From: Kurt Seifried <kurt@seifried.org>
- Re: A note from GitHub about your repository
- Next by Date: CVE for service vulnerabilities
- Next by thread: Re: A note from GitHub about your repository
- Index(es):