[tigereyeTO]

This post has left me wondering: what is zizmor? What is ultralytics? Are these words actually real or is someone having a stroke?

Not all nerds know all projects so I decided to educate myself and followed OP’s links to learn about Ultralytics:

> Ultralytics YOLO11 is a cutting-edge, state-of-the-art (SOTA) model that builds upon the success of previous YOLO versions and introduces new features and improvements to further boost performance and flexibility.

Ultralytics’ readme doesn’t explain what ultralytics is or does. Thankfully Zizmor’s readme describes itself clearly:

> zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups.

This isn’t a critique on OP: I enjoyed reading about the vulnerability(ies!) you found and I learned a lot. I’m just generally frustrated that so many readme files on GitHub fail to describe what the project actually does, Ultralytics being just one example.

Have fun and keep hacking

[bobthepanda]

I wonder if Zizmor has anything to do with this NYC local notable: https://en.wikipedia.org/wiki/Jonathan_Zizmor

[woodruffw]

I named it explicitly for Dr. Zizmor :-)

https://github.com/woodruffw/zizmor#the-name

[hardwaregeek]

I was legitimately wondering if Dr Zizmor made a pivot into cybersecurity

[Eisenstein]

YOLO is an ML architecture used for object detection and recognition and Ultralytics develops a version of YOLO.

[xign]

Ultralytics' README gives me a headache to read lol, for similar reasons you gave. But then the package is called YOLO and the author abbreviated state-of-the-art to SOTA (wat…). It's exactly the kind of "modern" GitHub repository that I like to stay away from lol. My only critique of this README was that it didn't have enough emojis. If you want to truly YOLO, may as well fill half your text with emojis.

This hilariously tech bro optimistic auto-response (made by a bot) from the linked issue (https://github.com/ultralytics/ultralytics/issues/18027#issu...) also gave me a laugh in how out of touch it was with what the issue was.