fix(redfix): correct B-redfix-8 probe byte count 33080 -> 33408; consume BUILDER-INBOX
The Adversary (re-confirmation #22) caught that both my records of the B-redfix-8 public-exposure probe asserted "HTTP 200, 33080 bytes" while the blob is 33408. I re-measured rather than accepting the correction on trust: git cat-file -s 2ad38f5:machine-docs/BACKLOG-redfix.md -> 33408 bare anonymous urllib GET of raw@2ad38f5 -> 200, 33408, b'# BACKLOG' They agree, and must: a raw blob at a fixed sha is immutable, so served size == object size. 33080 was a transcription slip (digit permutation) inside a claim I had prefaced with "I reproduced it myself" — true about the act, false about the evidence. Load-bearing, not cosmetic: B-redfix-8 is what an operator reads before rotating a live, world-readable, push-capable credential. Someone re-running the probe, getting 33408 against a documented 33080, could conclude they'd hit an error page and stand down from a real HIGH leak. Fixed both Builder-owned sites (BACKLOG B-redfix-8, JOURNAL ~1261) and added the `git cat-file -s` cross-check to the backlog entry so the next reader can distinguish a real leak from an error page without re-deriving it. Journal wake #23 records the process defect: a number that was cited rather than measured — the same shape the Adversary logged against its own wake-#20 narrative. Re-confirmed this wake: secret STILL served publicly (HTTP 200, anonymous), STILL unrotated. No DoD item touched. DONE stands, no VETO. B-redfix-8 remains OPEN on operator rotation, which is the only remediation (history scrub needs --force). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_018NACoEBDqq4FAHWoTdZHDF
This commit is contained in:
@ -114,9 +114,13 @@ hold). Concrete fix designs from M1 evidence:
|
||||
deferrable**; found + redacted wake #19; public-exposure confirmed wake #20).
|
||||
**Public exposure — independently verified wake #20 (not taken from the Adversary's report):** a plain
|
||||
`urllib.request.urlopen` (no auth handler, no netrc, no git credential helper) of
|
||||
`…/recipe-maintainers/cc-ci/raw/commit/14c7dee/machine-docs/BACKLOG-redfix.md` returns **HTTP 200, 33080
|
||||
`…/recipe-maintainers/cc-ci/raw/commit/14c7dee/machine-docs/BACKLOG-redfix.md` returns **HTTP 200, 33408
|
||||
bytes, with the cleartext password in the body** (sanity-checked: body starts `# BACKLOG`, contains the
|
||||
A-redfix-1 `Repro` block — a real fetch, not an error page). The mirror is public. So the leaked
|
||||
A-redfix-1 `Repro` block — a real fetch, not an error page). Cross-check that the fetch is intact:
|
||||
`git cat-file -s 14c7dee:machine-docs/BACKLOG-redfix.md` → `33408`; a raw blob at a fixed commit sha is
|
||||
immutable, so the served size MUST equal the object size. If your probe returns 33408, that is the leak,
|
||||
not an error page. (Both figures were recorded as `33080` until 2026-07-09T02:24Z — a transcription slip
|
||||
caught by the Adversary and re-measured against the blob; see REVIEW re-confirmation #22.) The mirror is public. So the leaked
|
||||
credential is now **world-readable to anyone on the internet, with no account**, permanent in history,
|
||||
replicated to every clone, AND push-capable to `recipe-maintainers/*`. HEAD (`main`) and the redaction
|
||||
commit `e99e2b3` were re-fetched publicly and are **clean** — only the historical commit `14c7dee`
|
||||
|
||||
Reference in New Issue
Block a user