The GitHub Actions job "tests" on airflow-steward.git/triage-prelim-checks has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run:
32205f6f452d9a67580842efa67b58e8d52f198c / Jarek Potiuk <[email protected]>
triage: mandatory Security Model citation + closed-tracker precedent search

Adds two pre-classification steps to security-issue-triage:

Step 2.5 — Apply the Security Model verbatim. The classifier must quote the relevant 2-3 sentences of the project's Security Model and explain how the tracker maps to (or escapes) that wording. A trust-boundary cheat-sheet codifies the common attacker/target combinations into default dispositions, so the classifier cannot skip the boundary analysis silently.

Step 2.6 — Closed-tracker precedent search. Extends the existing fuzzy-dup search (Step 2a in security-issue-import) to look for closed 'invalid' / 'not CVE worthy' / 'duplicate' trackers — and CVE-allocated positive precedents — for the same fuzzy keys. A STRONG rejection precedent lowers proposal confidence and often swings the disposition from VALID to NOT-CVE-WORTHY.

Motivation: a 2026-05-14 triage sweep against airflow-s/airflow-s got 8 of 9 trackers' first-pass classification wrong — proposed VALID for cases that had direct NOT-CVE-WORTHY precedents (e.g. airflow-s#258 for the __classname__→import_string pattern, airflow-s#215/#237 for cross-DAG-read via Execution API). The misclassifications were only caught after the human triager pushed back twice asking the assistant to read the Security Model deeply and check past similar issues. This PR codifies both as mandatory pre-classification steps.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Report URL: https://github.com/apache/airflow-steward/actions/runs/25854980093

With regards,
GitHub Actions via GitBox
