private keys leaked? - Githubissues

RadarCOVID / radar-covid-ios

Native iOS app using DP^3T iOS sdk to handle Exposure Notification framework from Apple

Mozilla Public License 2.0

144 stars 43 forks source link

Closed miguelangel-dev closed 4 years ago

miguelangel-dev commented 4 years ago

Even if these keys were used in the pilot, they should not be committed.

They have been compromised, so:

.gitignore should be updated accordingly, adding these 2 rules, and removing the current ones.
Certs rotation should be done after reviewing Android app.

alvaro-octal commented 4 years ago

Both directories only contain public keys

miguelangel-dev commented 4 years ago

Yep, you are right, I have reviewed it again, and it seems to be public.