Hi, See the discussion at https://lists.apache.org/thread/s72pqsx8d0bfc4lgq18v76n3s2d7cps6 for background.
As that thread yielded no objections, I am now putting up the configuration change to a formal vote: I propose to change the workflow approval setting for Pekko GitHub Actions from “always require approval for external contributors” to "only need approval the first time". This means we commit to actively monitor the workflows for abuse and act accordingly, which I think is feasible for us because our workflows generally have restricted permissions, and we intend to keep it that way. This is my +1 (binding) (if this vote succeeds the configuration change will be enacted by Infra under INFRA-27565) -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant
