|
| 1 | +Declaration of Information Leakage and Complaint Rights for China Merchants Fund Management Co., Ltd. |
| 2 | +Declaration: I have read and understood GitHub's "Guide for Submitting DMCA Notices"; |
| 3 | + |
| 4 | +Appeal Entity: Shenzhen Cube Security Technology Co., Ltd. (Acting on behalf of China Merchants Fund Management Co., Ltd.); |
| 5 | + |
| 6 | +Responsible Person: [private], Contact Person's Phone Number: [private]; |
| 7 | + |
| 8 | +Unit Email: [private]; |
| 9 | + |
| 10 | +Unit Address: [private], Email: [private]; |
| 11 | + |
| 12 | +Request Matters: |
| 13 | + |
| 14 | +After investigation, it was discovered that a set of internal, non-public and sensitive source code related to China Merchants Fund Management Co., Ltd. was uploaded on the GitHub open-source community website. The uploaded source code file was a personal upload on GitHub without permission. |
| 15 | + |
| 16 | +(2) Specific information description: |
| 17 | + |
| 18 | +On July 19, 2022, user WengerChan uploaded the system environment configuration of China Merchants Fund Management Co., Ltd., internal NTP, DNS, SSH restricted network segments, internal YUM sources, password policies, authentication modules, resource restrictions, audit configuration, user management commands, network topology and security baseline information to the project https://github.com/WengerChan/notes/. (Note: cmfchina.com is the domain name registered and filed by China Merchants Fund, and the English abbreviation of China Merchants Fund is cmfchina, with the Chinese pinyin abbreviation "zsjj".) After verification by the internal security personnel of China Merchants Fund, this source code is indeed the Linux system security baseline check code of China Merchants Fund. We hope that GitHub can assist in requiring this user to delete this repository https://github.com/WengerChan/notes/ and stop the infringement behavior. |
| 19 | + |
| 20 | +Here are some screenshots: |
| 21 | + |
| 22 | +In the file https://github.com/WengerChan/notes/blob/main/scripts/baseline_cmf.sh#L8, you can see the code description "China Merchants Fund - Linux System Security Baseline Configuration Items" as well as the Chinese pinyin abbreviation for China Merchants Fund "zsjj". |
| 23 | + |
| 24 | +[private] |
| 25 | + |
| 26 | +In the file https://github.com/WengerChan/notes/blob/main/scripts/baseline_cmf.sh#L111, you can see the internal resource identifier "cmfchina" of China Merchants Fund. |
| 27 | + |
| 28 | +[private] |
| 29 | + |
| 30 | +In the file https://github.com/WengerChan/notes/blob/main/scripts/baseline_cmf.sh#L236, you can see that the official domain name "cmfchina.com" is used for the YUM repository within China Merchants Fund. |
| 31 | + |
| 32 | +[private] |
| 33 | + |
| 34 | +In the file https://github.com/WengerChan/notes/blob/main/scripts/baseline_cmf.sh#L140, you can see the restricted network segment for the internal network of China Merchants Fund. |
| 35 | + |
| 36 | +[private] |
| 37 | + |
| 38 | +Explanation: |
| 39 | + |
| 40 | +(1) The warehouses and contents mentioned above have seriously infringed upon the legitimate rights and interests of China Merchants Fund Management Co., Ltd. The information involved in this appeal is classified as non-public and confidential within China Merchants Fund Management Co., Ltd., including relevant configuration information and network information. Therefore, we hereby request the official assistance of Github to promptly delete these contents. |
| 41 | + |
| 42 | +(2) We hope that the aforementioned users can delete the entire repository mentioned in the appeal, which is https://github.com/WengerChan/notes/. |
| 43 | + |
| 44 | +(3) We are unable to determine the identity of the infringer. |
| 45 | + |
| 46 | +(4) Given that these sensitive information contain confidential data, please assist in handling this matter as soon as possible. |
| 47 | + |
| 48 | + |
| 49 | + |
| 50 | +Statement: |
| 51 | + |
| 52 | +(1)I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed. |
| 53 | + |
| 54 | +(2)Our company is the legal owner of the content being complained about (attached with a copy of the authorization letter); |
| 55 | + |
| 56 | +(3)I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law. |
| 57 | + |
| 58 | +(4)I have taken fair use into consideration. |
| 59 | + |
| 60 | +We guarantee that the information in this notice is sufficient, true and accurate, and that we have been authorized to exercise the rights and interests specified in Item 2. |
| 61 | + |
| 62 | +Sincerely, |
| 63 | + |
| 64 | +Github Officia |
| 65 | + |
| 66 | +[private] (authorized by China Merchants Fund Management Co., Ltd.): |
| 67 | + |
| 68 | +Shenzhen Cube Security Technology Co., Ltd. |
| 69 | + |
| 70 | +Date: [private] |
| 71 | + |
| 72 | +Applicant Signature: [private] |
0 commit comments