[ 
https://issues.apache.org/jira/browse/HADOOP-19858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073581#comment-18073581
 ] 

ASF GitHub Bot commented on HADOOP-19858:
-----------------------------------------

ajfabbri commented on PR #8412:
URL: https://github.com/apache/hadoop/pull/8412#issuecomment-4246865795

   Things to understand:
   1. What actions/steps are trusted versus untrusted and how are we separating 
them.
   2. Do we guard against malicious container image creation? (e.g. a PR which 
modifies Dockerfiles, and has package: write permissions to publish it where 
other jobs may reuse it)
   3. Confirm we do not have any `secrets: inherit` or `pull_request_target` 
usage that could leak our GITHUB_TOKEN




> Set up build workflow in GitHub Actions
> ---------------------------------------
>
>                 Key: HADOOP-19858
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19858
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: build
>            Reporter: Cheng Pan
>            Priority: Major
>              Labels: pull-request-available
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to