Apparently, the origin of the phony certificates was precisely at the central level, and it seems, according to the latest information, that someone has inadvertently pushed the credentials of the portal on Github.
At these levels, it's not even worth it. If you get to push .htpasswd, the level is so low it could be anything. In a nutshell, the problem is not whether they entered this hole or another, the problem is that when you work at these levels, there will be hundreds of holes. Not worth the time, really.
As far as I'm concerned, the green pass remains a good idea, but the sloppiness with which the idea is implemented is simply mortifying.
Working like this, Green Pass is simply hot air.
