On Mon, 22 Jun 2026 08:50:17 GMT, Aleksey Shipilev <[email protected]> wrote:
> I agree with "update" part. Why do we need to pin? That blocks us from > getting rolling updates to these actions. Not pinning leaves space for supply chain attacks. As described here, for example: https://blog.rafaelgss.dev/why-you-should-pin-actions-by-commit-hash ------------- PR Comment: https://git.openjdk.org/jdk/pull/31603#issuecomment-4766585586
