Stream: wg-secure-code

Topic: Cargo token disclosure vulnerability

briansmith (Jan 29 2019 at 00:23, on Zulip):

See To me it looks like the root cause is the lack of association between the token and the expected audience of the token; i.e. the tokens aren't directed or labeled appropriately. It might be something where this group could be useful in coming up with a good long-term solution.

Tony Arcieri (Jan 29 2019 at 00:31, on Zulip):

audience confusion strikes again

Last update: Mar 31 2020 at 02:00 UTC