I haven't looked closely but it seems like hashes are the only good choice, in the absence of an equivalent of the checksum database.https://julienrenaux.fr/2019/12/20/github-actions-security-risk/ …
-
-
-
Indeed, there doesn't appear to be any sumdb equivalent. At least with a pinned version we can "hope" for better than simply v1. But someone once warned me about having hope as a strategy.... Using commit ids is probably the best option right now
- Još 4 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.