FYI: Projects on Travis CI advised to rotate secrets

Jory Burson


As many of you are already aware, earlier this month there was a vulnerability reported with Travis CI, that made it possible for secure environment variables (signing keys, access creds, api tokens etc) to be exfiltrated.

All projects using Travis CI are advised to rotate their secrets.

The board and CPC have requested that we follow up with you all to ensure this information is shared. I know many of you have already migrated off of Travis CI or have rotated secrets already. If you haven't already done so, or need assistance (with this or anything else) let us know!