| ▲ | noodletheworld 3 hours ago | |
There is no such thing as please be careful when revoking tokens. What does that mean? Dont revoke them? Look at them carefully before revoking them? And what? Just let the actor just keep using them to spread to other people? Always rotate your tokens immediately if they're compromised. If it hurts, well, that sucks. …but seriously, not revoking the tokens just makes this worse for everyone. A fair comment would have been: “it looks like the payload installs a dead-mans switch…” Asking the maintainers not to revoke their compromised credentials deserves every down vote it receives. | ||
| ▲ | wavemode 3 hours ago | parent | next [-] | |
You seem to be interpreting "please be careful when..." as "don't". I'm not sure how that interpretation makes any sense. Obviously they just mean, first kill the service (or better yet, shutdown the machine entirely) and then revoke the token...? | ||
| ▲ | yuzuquat 3 hours ago | parent | prev | next [-] | |
my understanding is that careful means cleaning up the dead-man’s switch before revoking | ||
| ▲ | 3 hours ago | parent | prev [-] | |
| [deleted] | ||