
Re: A note from GitHub about your repository

On Mon, Oct 1, 2018 at 4:31 AM Morgan (GitHub Staff) <support@github.com> wrote:


My name is Morgan, and I work on GitHub’s User Policy team. We received word that one of your repositories contains sensitive or personal information that you may not have intended to make public, namely: private email addresses:


Lines 6, 12, 15, 26, 27, 28, and the file name itself.

We wanted to give you a heads-up in case the information was published accidentally. If you need any help removing sensitive information that was committed by mistake, just let me know! We also have a handy guide here:


Please note that we may suspend repositories deemed to violate our Terms of Service, including those hosting sensitive or personal data. Please let us know if you have any questions and we'd be happy to help.

Nope, it was published intentionally. In order to request a CVE Identifier, the person submitting the data has to be licensed so the CVE project and others can use it, thus you need to agree to the CVE Terms of Use (https://github.com/distributedweaknessfiling/DWF-Legal-Acceptance/blob/master/Terms-Of-Use.md). I must publish these publicly so I have proof that it was accepted properly. Additionally, the email addresses submitted to the form at https://iwantacve.org/ are made public in a Google spreadsheet, this is made OBVIOUSLY clear in the initial form. Additionally, it is made clear that CVE is a PUBLIC database and information entered into it (like the description of the vulnerability, 

Furthermore CVE has a policy that when requesting a CVE you MUST use a working email address so that 

1) we can contact you to get acceptance of the Terms of Use
2) CVE users can contact the original requestor for clarification/details/etc

CC'ing the CVE board as I've brought this issue up (how do we handle GDPR-related issues) as this provides a good example. Also CC'ing Robert/Marko as they had asked in a previous email how GitHub can help the DWF (a major part would be ensuring trolls don't get people booted off of GitHub). Thanks!



Kurt Seifried

Page Last Updated or Reviewed: October 01, 2018