Here's my vote: +1 I've reviewed the policy and I affirm abiding by the requirements
Le lun. 7 août 2023 à 08:29, Daniel Gruno <humbed...@apache.org> a écrit : > Any chance for a third +1 here? :) > > On 2023/07/07 16:28:41 Vladimir Sitnikov wrote: > > >I will watch for abuse. > > > > Thank you for the response. > > > > Technically speaking, first-time contributors would need manual approval > > for executing CI anyway, > > so we don't need to constantly monitor pull requests for cryptominers and > > things like that. > > > > Just wondering: are the others silent because they are busy or are they > > silent because > > they are not sure of the consequences? > > > > I would like to mention that the policy summarizes the most important > best > > practices for > > using GitHub Actions in a secure manner, and we should follow it no > matter > > what. > > > > For example, we need to be careful when modifying CI configuration (e.g. > > .github/.../*.yml files) > > since merging some changes (e.g. pull_request_target option) might expose > > secrets. > > > > Vladimir > > >
