Replies: 3 comments
-
|
This is really, really important. Otherwise, anyone with write access to this repo can repeat the same supply chain attack. These days you must assume a single developer will have their GitHub account compromised and be resilient against that single point of failure. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Not sure why this issue isn't prioritized or even commented at |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
rest assured we look into this |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
This part of blog post:
Could easily be solved:
publish)publishenv. Then require maintainers review before publishDemo: https://github.com/alcuadrado/trusted-publishing-example
Complete minimal reproducer
https://example.com
Beta Was this translation helpful? Give feedback.
All reactions