Hacker News new | ask | show | jobs
by orlp 33 days ago
No it doesn't have security implications.

If you are insecure because someone has had one of their otherwise completely innocent PRs merged into your repo... you are insecure, period.
2 comments
lgrapenthin 33 days ago
What you are describing is exactly a security implication.
link
stavros 33 days ago
Security isn't a binary "secure/insecure". You can be more or less secure than something.
link