[SciPy-Dev] GitHub actions restrictions

Ilhan Polat ilhanpolat at gmail.com
Thu Apr 29 01:33:21 EDT 2021


There are also a lot of complaints from OS maintainers to GitHub in the
private OSS Feedback Group. It is indeed tiring for large and active
projects to go through and click every PR. TravisCI took the path of kicking
out OS to combat this, and GH is doing this by basically pushing the burden onto
the OS maintainers. A proposal was made to restrict this to cases in which
the pull request touches sensitive files (.github or .sh-alike);
however, GH has not commented yet. I am not sure whether that is going to be
sufficient to block malicious code execution though.



On Wed, Apr 28, 2021 at 11:45 PM Andrew Nelson <andyfaff at gmail.com> wrote:

>
> https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks
>
> From the GH website:
> When a first-time contributor submits a pull request to a public
> repository, a maintainer with write access must approve any workflow runs.
>
> The purpose behind this is so that things like mining for Bitcoin is
> prevented.
>
> A.
>
> _______________________________________________
> SciPy-Dev mailing list
> SciPy-Dev at python.org
> https://mail.python.org/mailman/listinfo/scipy-dev
>
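The "only gate PRs that touch .github or .sh-alike files" proposal above is a path allow-list, and the doubt raised about it can be made concrete. The following is an added example, not code from SciPy, GitHub or anyone in this thread: it models the narrow rule from the proposal next to a broader rule set (the file names in BROAD_PATTERNS are an assumption about what a typical Python CI job executes, not a list taken from the page) and runs both over constructed pull-request file lists. It shows that a PR editing setup.py or a conftest.py, both of which CI executes before any test result is seen, passes the narrow gate untouched.

```python
"""Path-based approval gate for fork PRs (added example, not project code).

A gate like the one proposed in the thread decides whether a pull request
needs manual workflow approval purely from the paths it changes. This
module compares the narrow rule (.github/ and shell scripts only) against a
broader, assumed rule set that also covers files a Python CI job executes
or installs from.
"""
from fnmatch import fnmatchcase

# Narrow rule set, as proposed in the thread: workflow definitions and
# shell scripts anywhere in the tree. fnmatch's '*' also matches '/'.
NARROW_PATTERNS = (".github/*", "*.sh")

# Broader rule set (assumption, illustrative): files that a typical Python
# CI job runs or reads when it installs and tests the package. Any of these
# executes attacker-controlled code before the maintainer sees a result.
BROAD_PATTERNS = NARROW_PATTERNS + (
    "setup.py",              # executed by `pip install .` / `python setup.py`
    "setup.cfg",
    "pyproject.toml",        # build backend and its requirements
    "meson.build", "*/meson.build",
    "requirements*.txt",     # dependency pins pulled in at install time
    "conftest.py", "*/conftest.py",  # imported by pytest before any test runs
    "tox.ini",
    "Makefile",
)


def needs_approval(changed_files, patterns):
    """Return the sorted subset of changed paths matching any sensitive pattern.

    fnmatchcase is used instead of fnmatch so the result does not depend on
    the case-folding behaviour of the host OS.
    """
    return sorted(
        path for path in changed_files
        if any(fnmatchcase(path, pattern) for pattern in patterns)
    )


def gate_report(prs, patterns):
    """Map each PR name to the paths that would trigger approval under `patterns`."""
    return {name: needs_approval(files, patterns) for name, files in prs.items()}


# Constructed PR file lists (not real SciPy pull requests).
SAMPLE_PRS = {
    "workflow_change": [".github/workflows/wheels.yml", "doc/source/index.rst"],
    "docs_only": ["doc/source/tutorial/linalg.rst", "README.rst"],
    "build_hook": ["setup.py", "scipy/linalg/_basic.py"],
    "test_fixture": ["scipy/conftest.py"],
}


def missed_by_narrow_gate(prs=SAMPLE_PRS):
    """Names of PRs that the broad rule set flags but the narrow one lets through."""
    narrow = gate_report(prs, NARROW_PATTERNS)
    broad = gate_report(prs, BROAD_PATTERNS)
    return sorted(name for name in prs if broad[name] and not narrow[name])


if __name__ == "__main__":
    for name, hits in gate_report(SAMPLE_PRS, NARROW_PATTERNS).items():
        print(f"narrow  {name:16s} -> {hits}")
    for name, hits in gate_report(SAMPLE_PRS, BROAD_PATTERNS).items():
        print(f"broad   {name:16s} -> {hits}")
    print("missed by narrow gate:", missed_by_narrow_gate())
```

Even the broader list is a heuristic: a CI job that runs pytest imports every test module the PR touches, so any file the job executes, not only build and workflow files, is a place where a first-time contributor's code runs. A path gate narrows the approval burden; it does not by itself make the run safe.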