[Numpy-discussion] PR for keywordlabeler

Matti Picus matti.picus at gmail.com
Sun Jun 13 04:29:22 EDT 2021


On 10/6/21 10:20 pm, Charles R Harris wrote:
> Hi All,
>
> There is a pending PR <https://github.com/numpy/numpy/pull/19198> that 
> uses keywordlabeler <https://github.com/marketplace/keywordlabeler> to 
> automatically label PRs and issues. Installing the app requires giving 
> it write permissions to PRs and issues. This isn't different than with 
> the current labeler, but I note that we don't have a procedure for 
> deciding such issues that may have security implications. So I am 
> posting here before proceeding with app installation.
>
> Thoughts?
>
> Chuck


If there was a way to pin these actions to a hash tag, that would be
better; at the least it should pin to a version. We already use
third-party actions in the GitHub workflow: checkout and setup-python
(both specifying a "version" via "@v2"),
larsoner/circleci-artifacts-redirector-action@master (hmm, that should
pin to a version).


Matti
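
The three pinning levels mentioned in this message (commit hash, version tag, branch), as an added example that is not part of the original post or of NumPy's tooling: a small audit that reads a workflow file and reports which `uses:` references are not pinned to a full commit SHA. The sample workflow is constructed; `example-org/example-action` and its SHA are placeholders, and the tag/branch split is a naming heuristic.

```python
import re

# Matches "uses: owner/repo[/path]@ref" in a workflow step. Local ("./...")
# and docker:// references have no "@ref" of this form and are skipped.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")


def classify_ref(ref):
    """Return 'sha', 'tag' or 'branch' for the part after '@'."""
    if FULL_SHA_RE.match(ref):
        return "sha"     # immutable: the code behind the ref cannot change
    if VERSION_TAG_RE.match(ref):
        return "tag"     # movable: the action's owner can re-point the tag
    return "branch"      # heuristic: anything else moves with every push


def audit_workflow(text):
    """Return (line_number, action, ref, kind) for each third-party action."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            action, ref = match.groups()
            findings.append((number, action, ref, classify_ref(ref)))
    return findings


def unpinned(findings):
    """Keep only references that are not pinned to a full commit SHA."""
    return [f for f in findings if f[3] != "sha"]


# Constructed sample workflow; the last two entries are placeholders.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
      - uses: larsoner/circleci-artifacts-redirector-action@master
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for number, action, ref, kind in unpinned(audit_workflow(SAMPLE_WORKFLOW)):
        print(f"line {number}: {action}@{ref} is pinned to a {kind}, not a commit SHA")
```
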


