vhs / VHSSlackBot


Don't commit your Slack API token #1

Closed mikestreety closed 8 years ago

mikestreety commented 8 years ago

I've noticed that you have committed your private Slack token and pushed it to an open, public website. This isn't very good practice as it means anyone with the token could read/write data to your Slack channels. Information could include passwords, logins or what you think of Sandra who works in HR.

Where the token is: https://github.com/vhs/VHSSlackBot/blob/9dce01009e9ed09f2341bbdaf7b775543d9281ba/config.json#L3

I would recommend you take the following steps to remove and secure this token as soon as possible - to avoid any embarrassment!

  1. Generate a new token in Slack. Make sure you don't commit this new one!
  2. Follow this GitHub tutorial on how to remove sensitive information from your repository

Be careful in future about committing sensitive information :smile:

hackers-are-coming
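A check that would catch a Slack token in a config file before it is committed, as an added example that is not part of the original thread or the VHSSlackBot project. The length bound in the pattern, the sample `config.json` contents and the `token_env` / `SLACK_TOKEN` names are assumptions made for illustration.

```python
import json
import re

# Slack tokens start with "xox" plus a type letter (for example b = bot, p = user).
# The minimum length is an assumption in the style of common secret scanners.
SLACK_TOKEN_RE = re.compile(r"xox[baprs]-[0-9A-Za-z-]{10,}")


def redact(token):
    """Keep only the type prefix so a scan report never re-leaks the secret."""
    return token[:5] + "*" * 8


def find_in_text(text):
    """Return (line_number, redacted_token) for every match in raw file text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SLACK_TOKEN_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


def find_in_json(node, path="$"):
    """Walk parsed JSON and return key paths whose string value holds a token."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_in_json(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_in_json(v, f"{path}[{i}]")]
    if isinstance(node, str) and SLACK_TOKEN_RE.search(node):
        return [path]
    return []


# Constructed sample: a fake config.json with a made-up token on line 3.
SAMPLE_CONFIG = """{
  "name": "examplebot",
  "token": "xoxb-000000000000-FAKEFAKEFAKEFAKEFAKEFAKE",
  "channels": ["#general"]
}"""

# Constructed sample: the config names an environment variable (hypothetical key).
CLEAN_CONFIG = '{"name": "examplebot", "token_env": "SLACK_TOKEN"}'

if __name__ == "__main__":
    for lineno, shown in find_in_text(SAMPLE_CONFIG):
        print(f"config.json:{lineno}: possible Slack token {shown}")
    print("key paths:", find_in_json(json.loads(SAMPLE_CONFIG)))
```

A scan like this only covers the files it is given; a token that has already been pushed stays in the repository history, which is why the steps above start with generating a new one.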

laftho commented 8 years ago

While I appreciate the notice (you're doing people a good service here), we don't actually care if this one is public. In fact, we think it would be more fun if the public indeed has it!

The Slack instance we are using is vanhack.slack.ca; it's a drop-in replacement for IRC for our city's hackerspace and we freely invite anyone into the instance. If our slackbot starts going off script and gains some sentience... :popcorn:

KazW commented 8 years ago

This was a great read; the subject is delicious clickbait for any security-minded dev. I shared @mikestreety's view when I started reading it, then @laftho makes an awesome, funny point that embodies hacker culture. If the Slack bot becomes an issue at some point in the future, we'll look back at this and say we had a chance to prevent Judgement Day.

Fun had by all, issue closed.