ajfabbri commented on PR #8412: URL: https://github.com/apache/hadoop/pull/8412#issuecomment-4246865795
Things to understand:

1. What actions/steps are trusted versus untrusted, and how are we separating them?
2. Do we guard against malicious container image creation? (e.g. a PR which modifies Dockerfiles and has `package: write` permissions to publish it where other jobs may reuse it)
3. Confirm we do not have any `secrets: inherit` or `pull_request_target` usage that could leak our GITHUB_TOKEN.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
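As an added example (not part of ajfabbri's comment or of the Hadoop project's own tooling), here is a small stdlib-only Python scan that a reviewer could run over `.github/workflows/*.yml` to answer points 2 and 3 mechanically: it flags `pull_request_target` triggers, `secrets: inherit` in reusable-workflow calls, and `packages: write` or `write-all` permission grants. The two embedded workflow snippets are constructed for the demonstration; the image name `ci-image:pr` and the secret name `REGISTRY_TOKEN` in them are placeholders, not anything from the PR. The scan is line-based rather than a full YAML parse so it runs without PyYAML.

```python
"""Flag GitHub Actions workflow constructs that widen a PR's access to the
GITHUB_TOKEN or to published container images. Added example; line-based so it
needs no third-party YAML library."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

@dataclass(frozen=True)
class Finding:
    check: str   # which review concern the hit relates to
    line: int    # 1-based line number in the workflow file
    text: str    # the offending line, whitespace-stripped

# Each check is one regex applied per line after YAML comments are removed.
# Deliberately narrow: only the constructs named in the review comment.
CHECKS = [
    ("pull_request_target trigger: PR-controlled code can run with a write-capable token",
     re.compile(r"^\s*-?\s*pull_request_target\s*:?\s*$|^\s*on\s*:\s*\[?.*\bpull_request_target\b")),
    ("secrets: inherit: forwards every repository secret to a reusable workflow",
     re.compile(r"^\s*secrets\s*:\s*inherit\s*$")),
    ("packages: write: job may publish images that other jobs later reuse",
     re.compile(r"^\s*packages\s*:\s*write\s*$")),
    ("permissions: write-all: blanket write scope for the token",
     re.compile(r"^\s*permissions\s*:\s*write-all\s*$")),
]

def strip_yaml_comment(line: str) -> str:
    """Drop a trailing or full-line '# ...' comment (adequate for the keys checked here)."""
    return re.sub(r"\s+#.*$|^\s*#.*$", "", line)

def scan_workflow(text: str) -> List[Finding]:
    """Return every check hit in one workflow file's text, in file order."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = strip_yaml_comment(raw)
        if not line.strip():
            continue
        for name, pattern in CHECKS:
            if pattern.search(line):
                findings.append(Finding(name, lineno, line.strip()))
    return findings

def scan_directory(workflows_dir: str) -> Dict[str, List[Finding]]:
    """Scan every *.yml / *.yaml in a workflows directory; files with no hits are omitted."""
    results: Dict[str, List[Finding]] = {}
    for path in sorted(Path(workflows_dir).glob("*.y*ml")):
        hits = scan_workflow(path.read_text(encoding="utf-8"))
        if hits:
            results[path.name] = hits
    return results

# Constructed sample: a workflow that would fail all three review questions.
RISKY_WORKFLOW = """\
name: build-image
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  image:
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@v4
  downstream:
    uses: ./.github/workflows/publish.yml
    secrets: inherit
"""

# Constructed sample: same pipeline with a read-only token, a plain pull_request
# trigger, an image that is built but never pushed, and one explicitly named secret.
HARDENED_WORKFLOW = """\
name: build-image
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t ci-image:pr .  # built for testing, not pushed
  downstream:
    uses: ./.github/workflows/publish.yml
    secrets:
      REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python scan_workflows.py .github/workflows
        for name, hits in scan_directory(sys.argv[1]).items():
            for f in hits:
                print(f"{name}:{f.line}: {f.check}\n    {f.text}")
    else:
        for label, text in (("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
            print(f"== {label}: {len(scan_workflow(text))} finding(s)")
            for f in scan_workflow(text):
                print(f"  line {f.line}: {f.check}")
```

A clean result from this scan is necessary but not sufficient for point 1: whether PR-controlled steps are separated from trusted ones still has to be read off the job graph by hand.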
