On Tue, 2 June 2026 at 03:29, Timo Rothenpieler via ffmpeg-devel <[email protected]> wrote:
>
> On 01.06.2026 19:24, Jean-Baptiste Kempf via ffmpeg-devel wrote:
> > This is particularly dangerous.
> > This makes the CI prone to injection to files from random people.
>
> Nothing stops people from doing the exact same thing right now anyway,
> by simply adding a new CI step that wgets whatever sample they like.
> So I don't see what's dangerous about it. It changes nothing.
>
> I also don't see what's dangerous about it in general.
> Worst someone can do is make CI fake-green, but if they wanted that,
> they could just modify the workflow directly and make it return
> always-green.
> The entire CI lives inside of the repo and runs from inside of the PR
> after all.

Any user allowed to run the CI workflow is allowed to execute any arbitrary code, so after thinking about it, I agree with Timo on that.
