
homebrew URL exposes AWS Secret and Access keys

Open tpittmanVS opened this issue 4 years ago • 1 comments

I assume it isn't just for me. I don't want to post the screenshot here, but if you post your email address I will send you the screenshot. You should be able to replicate it with the most basic brew cask installation, i.e. brew install --cask background-music

tpittmanVS, Jul 07 '21 18:07

Thanks, it's [email protected].

But I think the keys might just be included in a redirect from https://github.com/kyleneideck/BackgroundMusic/releases/download/v0.3.2/BackgroundMusic-0.3.2.pkg.

If you still think it could be a security problem, you might want to report it to https://github.com/Homebrew/homebrew-cask/blob/HEAD/Casks/background-music.rb. That's where the Homebrew formula is managed.

By the way, you probably want to use the cask that tracks the snapshot (i.e. pre-release) versions:

brew tap homebrew/cask-versions
brew install --cask background-music-pre

I haven't found the time to make a new stable release in a long time, so the stable release doesn't work on Big Sur yet.

kyleneideck, Jul 08 '21 02:07
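
To check whether AWS-looking values in a download redirect are real secrets, the URL's query string can be triaged as below. This is an added example, not part of the thread or of either project; it assumes the redirect target is a SigV4 presigned URL (the thread does not show it), in which case the URL carries an access key ID and a time-limited signature rather than the secret access key. `SAMPLE_URL` and `triage_presigned_url` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample: AWS's documentation placeholder key ID, made-up host and signature.
SAMPLE_URL = (
    "https://example-bucket.s3.amazonaws.com/BackgroundMusic-0.3.2.pkg"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20210707%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20210707T180700Z&X-Amz-Expires=300"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=" + "ab" * 32
)
REQUIRED = {"x-amz-algorithm", "x-amz-credential", "x-amz-date",
            "x-amz-expires", "x-amz-signature"}


def triage_presigned_url(url, now=None):
    """Report what the AWS-looking query parameters of a URL actually are."""
    q = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if not REQUIRED <= q.keys():
        return {"presigned": False}
    scope = q["x-amz-credential"].split("/")
    try:
        signed_at = datetime.strptime(q["x-amz-date"], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(q["x-amz-expires"]))
    except ValueError:
        return {"presigned": False}
    if len(scope) != 5 or scope[4] != "aws4_request":
        return {"presigned": False}
    expires_at = signed_at.replace(tzinfo=timezone.utc) + lifetime
    now = now or datetime.now(timezone.utc)
    return {
        "presigned": True,
        "access_key_id": scope[0],          # an identifier, not a secret
        "scope": "/".join(scope[1:4]),      # date/region/service
        # The signature is a 64-hex-digit HMAC-SHA256 output, not the secret key.
        "signature_is_hmac_hex": bool(re.fullmatch(r"[0-9a-f]{64}", q["x-amz-signature"])),
        "expires_at": expires_at,
        "expired": now >= expires_at,
        # Secret access keys are 40 characters; any parameter shaped like one needs a closer look.
        "secret_like_params": [k for k, v in q.items()
                               if re.fullmatch(r"[A-Za-z0-9/+]{40}", v)],
    }
```

A result with `presigned` true, `signature_is_hmac_hex` true and an empty `secret_like_params` list means the URL grants only short-lived access to that one object; a non-empty list is what would justify a security report.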