[Pulp-dev] Locking down Github Actions

[David Davis]

There have been reports of Github Actions being abused to run
cryptocurrency mining code by bad actors opening PRs against projects that
use GHA. To prevent our repos from being targeted, I've gone through and
either set repos to only allow select actions or disabled actions
completely (for repos not using GHA).

If you manage a pulp repo, please check that everything works in GHA and
that your repo is configured correctly.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20210405/ffcebc19/attachment.htm>