Hacker News
by
franktankbank
90 days ago
Doesn't a single compromised action in the chain cause the whole to be fucked? Pinning the top level doesn't prevent any spread.
1 comment
teaearlgraycold
90 days ago
Might want to vendor everything?
lijok
90 days ago
That’s the way to go indeed. We’ve done it, not difficult, just a bit of grunt work to keep them updated when needed.
franktankbank
90 days ago
I don't know what this means in this context.
teaearlgraycold
90 days ago
Make copies of the entire GitHub action dependency tree.
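The transitive gap the thread is about, as an added example that is not from the thread: a small Python checker that follows a workflow's `uses:` references through composite actions' own `uses:` lines and reports every reference that is not pinned to a full commit SHA, which is exactly what a top-level-only pin misses. All repository names, SHAs and manifests below are constructed stand-ins; a real run would fetch each action.yml from the pinned commit instead of reading it from a dict.

```python
import re

# Constructed sample data (not real repositories): "owner/repo@ref" -> that action's action.yml.
MANIFESTS = {
    "example-org/setup-tool@5e2c1a9b7d3f4c6e8a0b1d2c3e4f5a6b7c8d9e0f": """
runs:
  using: composite
  steps:
    - uses: actions/setup-node@v4   # mutable tag inside a SHA-pinned action
    - uses: example-org/cache-helper@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b
""",
    "example-org/cache-helper@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b": """
runs:
  using: composite
  steps:
    - uses: actions/cache@main      # branch ref two levels down the chain
""",
}
# Constructed workflow: every top-level action is pinned to a full commit SHA.
WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d
      - uses: example-org/setup-tool@5e2c1a9b7d3f4c6e8a0b1d2c3e4f5a6b7c8d9e0f
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def is_pinned(ref: str) -> bool:
    """True only when the part after '@' is a full 40-hex commit SHA."""
    return bool(SHA_RE.match(ref.partition("@")[2]))

def find_unpinned(workflow: str, manifests: dict) -> list:
    """Follow `uses:` refs through composite actions; return each ref that is not
    SHA-pinned as 'parent -> ref'. Local ./ actions are skipped, unknown refs are leaves."""
    findings, stack, seen = [], [("workflow", workflow)], set()
    while stack:
        parent, text = stack.pop()
        for ref in USES_RE.findall(text):
            if ref.startswith("./") or (parent, ref) in seen:
                continue
            seen.add((parent, ref))
            if not is_pinned(ref):
                findings.append(f"{parent} -> {ref}")
            if ref in manifests:
                stack.append((ref, manifests[ref]))
    return sorted(findings)
```

With an empty manifest dict the checker sees only the workflow and reports nothing, which is the false sense of safety a top-level pin gives; with the manifests supplied it reports the tag and branch refs hidden two levels down.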