[
https://issues.apache.org/jira/browse/HADOOP-19868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron Fabbri resolved HADOOP-19868.
-----------------------------------
Fix Version/s: 3.5.1
Resolution: Fixed
We now have inline comments explaining key aspects of how we keep our actions
secure. There is also an introductory GH actions security doc in
[.github/workflow-security.md|https://github.com/apache/hadoop/blob/trunk/.github/workflow-security.md].
Thanks everyone for the great discussions.
> ci: add security comments to github actions
> -------------------------------------------
>
> Key: HADOOP-19868
> URL: https://issues.apache.org/jira/browse/HADOOP-19868
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: test
> Reporter: Aaron Fabbri
> Assignee: Aaron Fabbri
> Priority: Minor
> Labels: pull-request-available
> Fix For: 3.5.1
>
>
> Following up on HADOOP-19858, I have a patch for some `# Security:` comments
> to add to our github actions to explain why each workflow is safe.
> I'm also following up on INFRA-27839, just to double check they haven't
> enabled any risky defaults. I'll add comments with any details I find.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
