[Pulp-dev] Locking down Github Actions

David Davis daviddavis at redhat.com
Mon Apr 5 17:55:27 UTC 2021

There have been reports of Github Actions being abused to run
cryptocurrency mining code by bad actors opening PRs against projects that
use GHA. To prevent our repos from being targeted, I've gone through and
either set repos to only allow select actions or disabled actions
completely (for repos not using GHA).

If you manage a pulp repo, please check that everything works in GHA and
that your repo is configured correctly.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20210405/ffcebc19/attachment.htm>

More information about the Pulp-dev mailing list