This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Found a secret/private key in code.
Type: security Stage: resolved
Components: Versions: Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, krrishdhaneja, zach.ware
Priority: normal Keywords:

Created on 2020-11-08 05:27 by krrishdhaneja, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (3)
msg380533 - (view) Author: Krrish Dhaneja (krrishdhaneja) Date: 2020-11-08 05:27
Found a private key in commit 9ae9ad8 in https://github.com/python/cpython .
msg380569 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2020-11-09 01:12
That commit does not appear to be part of any branch of the main repository, and also appears to contain non-changes to every file in the repository.

There are known private keys somewhere in Lib/test for use in tests.  If you're referring to something else, please point it out a bit more clearly, preferably with a link directly to the file :)

If you're talking about accidentally committing your own private key to your personal fork of the repo, your best course is probably to delete your fork and re-fork, though I don't know if that will actually make that commit go away forever; you'd need to talk to GitHub about that.
msg380579 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-11-09 09:53
As Zachary already pointed out, Python's source code contains multiple private keys for internal testing. The keys are only used for integration tests and are not a security problem.
History
Date User Action Args
2022-04-11 14:59:37adminsetgithub: 86455
2021-01-13 09:34:34iritkatrielsetstatus: pending -> closed
2020-11-09 09:53:30christian.heimessetstatus: open -> pending

nosy: + christian.heimes
messages: + msg380579

resolution: not a bug
stage: resolved
2020-11-09 01:12:02zach.waresetnosy: + zach.ware
messages: + msg380569
2020-11-08 05:27:08krrishdhanejacreate