From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 1379D5AEC;
	Fri, 29 Aug 2025 14:49:12 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id B89165B3F; Fri, 29 Aug 2025 14:49:09 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fout-b6-smtp.messagingengine.com
 (fout-b6-smtp.messagingengine.com [202.12.124.149])
	by atuin.qyliss.net (Postfix) with ESMTPS id 3037B5B3B
	for <devel@spectrum-os.org>; Fri, 29 Aug 2025 14:49:08 +0000 (UTC)
Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46])
	by mailfout.stl.internal (Postfix) with ESMTP id 8D3BE1D001C6;
	Fri, 29 Aug 2025 10:49:06 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-06.internal (MEProxy); Fri, 29 Aug 2025 10:49:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1756478946; x=1756565346; bh=mKbZFUfNis
	2EmnQkUS3CDWG8fWneEd122TaSVaKpXus=; b=jZQlZ/Ec7n7GeYi7sqdUBZQbnN
	nqkrV/FVZdx2G6NFn9saHQz2P/h+9O/QHMB5PrkXrGY+eKwYm03wKiJzFflNDpet
	O5WpACzY1E2cP251mPoR+CI8BV+Zf5h4FCzUlR4m3Y0eHNMuBRe8ut+vKFRfyTVm
	XvtX0OpDJLCYQLM8mjSRu5eQr7cMpj2FIKcbCxm/vK/vu1CCLMy+5HcDgcjSTvrN
	2RXd/YZ2x/zB/MiqwLy8U7KbuKjZ8taomqTDBbO/Ohjg6hkC0qargXx4tqmOLKUC
	9nXjeSS+gK0L9wiAkaO9ArYw5WAmdtvplXSmlxknJw14rTkcbj0t74D4hGXw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1756478946; x=1756565346; bh=mKbZFUfNis2EmnQkUS3CDWG8fWneEd122Ta
	SVaKpXus=; b=IjJRtW9hsc+bBsgzmGJh9lENkElw3i6qiBoEr59Wn9/BzAvE/Ib
	o5wztMHcTufYyUdyoRGXsjnRHlA1ibPv2G2aLl3V4sPB+TLOB6BepPyhFb7bxbWE
	l+BRhy7uDMWsJ4yH8PeGk0stKVZrQiw142VkvbxZ6tx9mI3b8yCauu3f2QcsMfp9
	NececlYMwTWBTeAVQK5iiCGKZqGdW3BwXwiRSPpclI6sSzZHm/W4LRpJhZbtWgt2
	mzZg3+wnIcmkW3xCPHrSijYQlcEcfxa+WQ8iQus4TS4HUvQBDCUu6n2u7lxocp1K
	sWP0UUFYlF5ehBinOM1Gny8FQLWNfnnZhUw==
X-ME-Sender: <xms:4b2xaB4SJ06yCLV-4lMS6gtMQ9ud9RH3M9q7M81ilqaIHO3cUL0dzQ>
    <xme:4b2xaEK0kCcg3JDII6s96WpijPB1MTC3kHQ9pl-goY77hCtT9HSikV1l-io6nkYF4
    BMUMmvBdMU6l2Zzpw>
X-ME-Received: 
 <xmr:4b2xaKKr-xv8kygpGXF1rdYRX3OVmSE2t0LoX_5Y1GwUtaUY4mkVhc2QWXRBLCXk>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddukeegudehucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucenucfjughrpefhvfevufgjfhffkfggtgesghdtreertd
    dtjeenucfhrhhomheptehlhihsshgrucftohhsshcuoehhihesrghlhihsshgrrdhisheq
    necuggftrfgrthhtvghrnhepteehvedugfejgfehhfeijeduleekleejgedvkeeuuefhhf
    egvdevfeetveegteeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi
    lhhfrhhomhephhhisegrlhihshhsrgdrihhspdhnsggprhgtphhtthhopedvpdhmohguvg
    epshhmthhpohhuthdprhgtphhtthhopegsihhpphgvrhguihhpphgvrhdtsehgmhgrihhl
    rdgtohhmpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdrohhrgh
X-ME-Proxy: <xmx:4b2xaCWW_O_R7ipe48Z_3kSKVCm8Yohbimc8a-eUcELJbJv_sYPeYQ>
    <xmx:4b2xaMh0Z8XHKbLj_tjINd4UBFvKHs2yYGz0zaqttH68Uxf6IySRzQ>
    <xmx:4b2xaN_mHgJ7dMjDyn1tncinjZxJ7b9CPYbkCRHj8GxIoTx2RKIc7g>
    <xmx:4b2xaGCSwH-WA1NMm3-gDfYs6v02yDuQkTK2bnpoUOIRSwgcYBqYDw>
    <xmx:4r2xaNKTLOt2_hUWp3KYaCVpxf5363__o5lD5C79LCi6w7m1M31bilKP>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri,
 29 Aug 2025 10:49:05 -0400 (EDT)
Received: by mbp.qyliss.net (Postfix, from userid 1000)
	id B165714EF9BA; Fri, 29 Aug 2025 16:48:54 +0200 (CEST)
From: Alyssa Ross <hi@alyssa.is>
To: ball drinker <bipperdipper0@gmail.com>
Subject: Re: Moderate Cybersecurity Concern
In-Reply-To: 
 <CABBJTt_xAybiNWx8StgJt-64J9qy3FkVGGg1F6kcfFXOAqAiBQ@mail.gmail.com>
References: 
 <CABBJTt_xAybiNWx8StgJt-64J9qy3FkVGGg1F6kcfFXOAqAiBQ@mail.gmail.com>
Date: Fri, 29 Aug 2025 16:48:52 +0200
Message-ID: <87zfbii3or.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: SXKYQUOL2M24C4INA465LNQDV3VA6PJ6
X-Message-ID-Hash: SXKYQUOL2M24C4INA465LNQDV3VA6PJ6
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: devel@spectrum-os.org
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/SXKYQUOL2M24C4INA465LNQDV3VA6PJ6/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

ball drinker <bipperdipper0@gmail.com> writes:

> Salutations --
> I write not as another spammer talking of riches and fame but as a
> concerned cybersecurity student aspiring to be a graduate.
>
> YOUR OPENSSH PRIVATE KEY WAS COMPROMISED IN A GOOGLE DORK IN CASE YOU WERE
> NOT AWARE!
> I figure that now that the important part was stated, I should share some
> proof of it.
> Attached will be a series of two (2) images. These were stumbled across
> while I was completing an assignment for my college course.
>
> I only wanted to share the information with you considering I figured it'd
> be pertinent for something like this.

Hi, thanks for your concern, but this is not an issue.

Note that the key you have found is inside a directory called "tests" in
Nixpkgs, and is named "snake oil".  It is a test fixture, not a key that
controls access to anything outside of that test.  I imagine by now
you'll have found that this key exists in many places across the web,
wherever there are copies of Nixpkgs.

The enthusiasm is nice, but please make sure to check thoroughly before
reporting security issues =E2=80=94 not every instance of a pattern is
automatically an issue, and if it looks like you haven't done this
checking, your reports are likely to be seen as spam after all.
Maintainers are frequently burdened with people submitting reports from
automated security scanners that are not identifying real issues, and
are quite likely to filter out anything that looks like that.

Good luck with your course!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCaLG91AAKCRBbRZGEIw/w
onrWAQDZhVxWVdpfC6MEQkHIDvQF/b0OzXiAtbJvRypo8j7efAEApeDHzSLMIHSI
eDvJHfqDczKu52w+r9YAQj4BMXKr8QY=
=qraa
-----END PGP SIGNATURE-----
--=-=-=--