Please make sure to rebase to the latest master. I brought 7 new repositories to apache/airflow-* for now and switched to those (for now).
The discussions about the new policy continue however, because there are some gaping holes in the approach we have now, which I pointed at. Feel free to join discussions there:

Discussion [email protected]:
https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E

Discussion [email protected]:
https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E

J.

On Sun, Dec 27, 2020 at 3:38 PM Jarek Potiuk <[email protected]> wrote:

> I moved all actions to apache-airflow owned repositories and have PR ready
> that should fix it: https://github.com/apache/airflow/pull/13327
>
>
> On Sun, Dec 27, 2020 at 2:14 PM Jarek Potiuk <[email protected]> wrote:
>
>> The ASF Infra made a sudden change in the GitHub Actions settings this
>> morning. This was apparently as a response to a security incident. More
>> info in this thread:
>>
>>
>> https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E
>>
>> We were not affected by the security problem, because we discussed those
>> potential attack vectors and we have been following the "pinned hashed"
>> approach for github actions:
>> https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
>>
>> However, change in the policy means that our builds stopped working. I am
>> working now to bring the actions we use to 'Apache' owned repositories and
>> switch to those actions now.
>>
>> Stay tuned.
>>
>> J,
>>
>> --
>> +48 660 796 129
>>
>
>
> --
> +48 660 796 129
>

--
+48 660 796 129
