Folks,
Is the 03/19/2023 deadline still in force? What's the final verdict from infra? Can projects control this behavior by creating some configuration file in their repository so this mass impact can be controlled by respective PMCs rather then being enforced on everyone abruptly? ---- On Mon, 13 Feb 2023 13:27:16 -0800 Kenneth Knowles <k...@apache.org> wrote --- I've raised https://issues.apache.org/jira/browse/INFRA-24201 for Beam and see also Airflow's ticket https://issues.apache.org/jira/browse/INFRA-24200. On Mon, Feb 13, 2023 at 11:49 AM Daniel Gruno <mailto:humbed...@apache.org> wrote: To Project PMCs: GitHub for Apache projects is currently set to allow a non-committer contributor to use GitHub Actions if a previous pull request by that person has been approved. This has raised some security concerns, and could cause issues with overall use and availability of GitHub Actions. The Infrastructure Team proposes to change the default to “always require approval for external contributors”. We intend to make this change on Sunday the 19th of March, 2023. This change will apply to all GitHub repositories that do not already have a specific GitHub Actions policy set. Projects that have a strong desire to use the “only need approval first time” option should communicate that, explaining their reasons, in a Jira ticket for Infra. Please be as specific as you can in which repositories you wish to have this option set for, should you choose to. With regards, Daniel, on behalf of the ASF Infrastructure Team.
