Why would the test dependencies have access to production secrets? They only get... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		2fast4you on Oct 23, 2022 \| parent \| context \| favorite \| on: Curl doesn't add libproxy due to its quality issue... Why would the test dependencies have access to production secrets? They only get installed while developing

hombre_fatal on Oct 23, 2022 [–]

They still get run on a developer’s machine most of the time and are at least installed there where they can run arbitrary code on install. And there are juicy secrets beyond just production server secrets sitting on your laptop.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact