-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Added 2025/11/2025-11-04-china-merchants-fund-2.md #19057
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
+73
−0
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| Declaration of Information Leakage and Complaint Rights for China Merchants Fund Management Co., Ltd. | ||
|
|
||
| Declaration: I have read and understood GitHub's "Guide for Submitting DMCA Notices"; | ||
|
|
||
| Appeal Entity: Shenzhen Cube Security Technology Co., Ltd. (Acting on behalf of China Merchants Fund Management Co., Ltd.); | ||
|
|
||
| Responsible Person: [private], Contact Person's Phone Number: [private]; | ||
|
|
||
| Unit Email: [private]; | ||
|
|
||
| Unit Address: [private], Email: [private]; | ||
|
|
||
| Request Matters: | ||
|
|
||
| After investigation, it was discovered that a set of internal, non-public and sensitive source code related to China Merchants Fund Management Co., Ltd. was uploaded on the GitHub open-source community website. The uploaded source code file was a personal upload on GitHub without permission. | ||
|
|
||
| (2) Specific information description: | ||
|
|
||
| On July 19, 2022, user 1999hpzy uploaded the system environment configuration of China Merchants Fund Management Co., Ltd., internal NTP, DNS, SSH restricted network segments, internal YUM sources, password policies, authentication modules, resource restrictions, audit configuration, user management commands, network topology and security baseline information to the project https://github.com/1999hpzy/1999hpzy. (Note: cmfchina.com is the domain name registered and filed by China Merchants Fund, and the English abbreviation of China Merchants Fund is cmfchina, with the Chinese pinyin abbreviation "zsjj".) After verification by the internal security personnel of China Merchants Fund, this source code is indeed the Linux system security baseline check code of China Merchants Fund. We hope that GitHub can assist in requiring this user to delete the entire repository https://github.com/1999hpzy/1999hpzy and stop the infringement behavior. | ||
|
|
||
| Here are some screenshots: | ||
|
|
||
| In the file https://github.com/1999hpzy/1999hpzy/blob/main/scripts/baseline_cmf.sh#L8, you can see the code description "China Merchants Fund - Linux System Security Baseline Configuration Items" as well as the Chinese pinyin abbreviation of China Merchants Fund "zsjj". | ||
|
|
||
| [private] | ||
|
|
||
| In the file https://github.com/1999hpzy/1999hpzy/blob/main/scripts/baseline_cmf.sh#L111, you can see the internal resource identifier "cmfchina" of China Merchants Fund. | ||
|
|
||
| [private] | ||
|
|
||
| In the file https://github.com/1999hpzy/1999hpzy/blob/main/scripts/baseline_cmf.sh#L236, you can see that the official domain name used by the internal YUM source of China Merchants Fund is "cmfchina.com". | ||
|
|
||
| [private] | ||
|
|
||
| In the file https://github.com/1999hpzy/1999hpzy/blob/main/scripts/baseline_cmf.sh#L140, you can see the restricted network segment for the intranet of China Merchants Fund. | ||
|
|
||
| [private] | ||
|
|
||
| Explanation: | ||
|
|
||
| (1) The warehouses and contents mentioned above have seriously infringed upon the legitimate rights and interests of China Merchants Fund Management Co., Ltd. The information involved in this appeal is classified as non-public and confidential within China Merchants Fund Management Co., Ltd., including relevant configuration information and network information. Therefore, we hereby request the official assistance of Github to promptly delete these contents. | ||
|
|
||
| (2) We hope that the aforementioned users can delete the entire repository mentioned in the appeal, which is https://github.com/1999hpzy/1999hpzy. | ||
|
|
||
| (3) We are unable to determine the identity of the infringer. | ||
|
|
||
| (4) Given that these sensitive information contain confidential data, please assist in handling this matter as soon as possible. | ||
|
|
||
|
|
||
|
|
||
| Statement: | ||
|
|
||
| (1)I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed. | ||
|
|
||
| (2)Our company is the legal owner of the content being complained about (attached with a copy of the authorization letter); | ||
|
|
||
| (3)I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law. | ||
|
|
||
| (4)I have taken fair use into consideration. | ||
|
|
||
| We guarantee that the information in this notice is sufficient, true and accurate, and that we have been authorized to exercise the rights and interests specified in Item 2. | ||
|
|
||
| Sincerely, | ||
|
|
||
| Github Officia | ||
|
|
||
| [private] (authorized by China Merchants Fund Management Co., Ltd.): | ||
|
|
||
| Shenzhen Cube Security Technology Co., Ltd. | ||
|
|
||
| Date: [private] | ||
|
|
||
| Applicant Signature: [private] | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Corrected incomplete word 'Officia' to 'Official'.