[remcob]

In the interest of said discussion, I would appreciate a write-up of the rationale behind the approach chosen, when you are ready. It could help others that are in a similar situation. Perhaps inspire a better practice in the industry.

[ssemmaprise]

Hi there, we wrote up our thoughts + reply here: https://discuss.circleci.com/t/circleci-response-to-kevin-bu... Thanks all for your thoughts + comments.

[politician]

Thanks for putting this together.

You mention vetting third party scripts, but did not explain how your app is not vulnerable to those scripts being hacked or modified in the future. This vulnerability seemed to be the main point of Kevin's piece.

Could you update your post to address that issue?