Why do we use a commit hash instead of a version for the tibdex/github-app-token github action? #3342

dkershner6 · 2024-02-09T22:11:46Z

dkershner6
Feb 9, 2024

Just curious.

Feb 9, 2024

For this highly security relevant action that is published by a more or less random user, we've always felt it would be better to use a specific vetted commit.

View full answer

dkershner6 · 2024-02-09T22:14:15Z

dkershner6
Feb 9, 2024
Author

Via @mrgrain

For this highly security relevant action that is published by a more or less random user, we've always felt it would be better to use a specific vetted commit.

1 reply

dkershner6 Feb 9, 2024
Author

Pre-emptive release monkeying safety mechanism, I can see it. Thank you.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Why do we use a commit hash instead of a version for the tibdex/github-app-token github action? #3342

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Why do we use a commit hash instead of a version for the tibdex/github-app-token github action? #3342

dkershner6 Feb 9, 2024

Replies: 1 comment · 1 reply

dkershner6 Feb 9, 2024 Author

dkershner6 Feb 9, 2024 Author

dkershner6
Feb 9, 2024

Replies: 1 comment 1 reply

dkershner6
Feb 9, 2024
Author

dkershner6 Feb 9, 2024
Author