by zwass 1464 days ago
contents:read to contents:write is a big deal! Just to pick out a random widely used project, nodejs [1] has a number of unsigned commits to the main branch. Their commits could have been tampered with during this timeframe.

What about release artifacts?

[1]: https://github.com/nodejs/node/commits/main

1 comments

I guess I can see it, but branch protection rules and pull request reviews would also prevent that from happening, in my opinion.

(Also, the ability to do it with content:write is just speculation on my side; they don't make it clear whether it is possible. That would need to be confirmed by GitHub.)