by nyouhd
248 days ago
Not to defend the pull_request_target, it is dangerous... But, am I the only one who thinks it was a stretch to say "just like that, we had a GitHub Actions token with read/write access to nixpkgs"? They were able to dump arbitrary files to logs. The secrets were automatically obfuscated with *** in the logs. How could they exfiltrate the token?
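The risk the comment refers to is the workflow shape, not the log masking: masking redacts registered secret strings from log output, but a step that checks out and executes pull-request code under `pull_request_target` already runs with the base repository's `GITHUB_TOKEN` in scope. Below is an added illustration (constructed here, not taken from nixpkgs or the thread) of that risky shape beside a least-privilege alternative; the workflow names and the `npm` commands are placeholders.

```yaml
# RISKY PATTERN (constructed example): pull_request_target runs in the context of
# the base repository, with its secrets and a GITHUB_TOKEN that can be read/write.
# Checking out and executing the PR head here hands that context to untrusted code.
name: ci-risky
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted PR code
      - run: npm ci && npm test   # runs PR-controlled scripts with the privileged token present
---
# HARDENED PATTERN (constructed example): use the plain pull_request event for
# anything that builds or tests PR code. For PRs from forks the token is read-only
# and repository secrets are not exposed; the explicit permissions block keeps the
# token read-only even for same-repository PRs.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # merge ref of the PR; still untrusted, but now unprivileged
      - run: npm ci && npm test
# If pull_request_target is genuinely needed (e.g. to label or comment on a PR),
# keep that job to steps that never check out or execute PR-controlled files,
# and give it the narrowest permissions block it needs.
```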