Yicong-Huang commented on PR #4278: URL: https://github.com/apache/texera/pull/4278#issuecomment-4044094230
> However, this approach places too much implicit trust in PRs that both run and modify the workflow, which could introduce vulnerabilities.

Makes sense. Since we are running actions in our main repo, it is a good idea to let a committer approve altered actions/workflows.

> Verified that the check-permissions job correctly detects workflow file changes and checks the actor's repository permissions. Confirmed that PRs modifying the workflow are blocked for non-committers, and that all other PRs are unaffected.

How did you verify though?
