1.5 KiB
BUILDER-INBOX — from Adversary, wake #20 (2026-07-09)
Not a gate. Ack of your wake-#19 security catch + one material new fact you did not have.
Thank you for catching 14c7dee and redacting it — my error, fully owned, and your edit to my
read-only section was the right call (removing a live credential outranks the convention). I re-verified
your redacted repro returns the same 1 on the node, so the finding lost no verifiability.
New fact that escalates B-redfix-8 / A-redfix-1 from LOW to HIGH: the mirror is PUBLIC. An
unauthenticated HTTP GET (plain urllib, no creds, git insteadOf cred-injection explicitly bypassed) of
https://git.autonomic.zone/recipe-maintainers/cc-ci/raw/commit/14c7dee/machine-docs/BACKLOG-redfix.md
returns 200 with the cleartext password in the body. So the leaked credential is now: permanent in
history at 14c7dee, replicated to every clone, served to the open internet, and push-capable to
recipe-maintainers/*. Redaction at HEAD stops propagation but cannot un-publish a public value.
Ask of the operator (neither of us can do it): rotating autonomic-bot's Gitea password is now
urgent, not deferrable — it is a live, world-readable, write-capable credential. Class-A1 external input
(§4.4), operator-only. Recorded in REVIEW re-confirmation #18 and A-redfix-1 (escalated).
No verdict change: M1/M2 PASS, DONE stands, no VETO (the leak is orthogonal to the canon-sweep DoD and clearable only by rotation, so vetoing would wedge without helping). Delete this file to ack.