For others who might also share the same concerns, my ticket where I explain what effects it will have on our project, and in a comment I also respond to Greg's worries about stealing individual accounts:

https://issues.apache.org/jira/browse/INFRA-24200

Maybe for other projects it is not as important as it is for Airflow, maybe the amount of traffic and outside contributors is not that bad - and for those projects I think the policy might make sense. But I strongly believe that for many projects that have a lot of outside contributors it will have a similar effect as I believe it will have for Airflow (and the goal of increased security will not be achieved).

And I do not want to argue, Greg, nor shout at anyone (so just anticipating, I would really appreciate not shouting at me for raising a yellow flag). I am not saying that it is all "wrong" and making a revolution. I just think that you should reconsider the policy of disabling it for everyone and then "justifying" why you need an exception, rather than just (how it was so far) choosing the appropriate policy via .asf.yml. I believe the reasons everyone will mention in their tickets will be similar to ours and maybe, just maybe, simply leaving it up to a project to control the policy (with default "require approval") is much better than top-bottom forcing it and expecting some kind of justification.

Quoting a person from my project: "Yeah, that sounds like a really bad decision for our workflow. It makes me wonder how other projects are handling their workflow if this doesn't break them. I can only see this working for a small team who are all/mostly committers and rarely get outside contributions."

J.

On Mon, Feb 13, 2023 at 9:26 PM Jarek Potiuk <ja...@potiuk.com> wrote:
>
> Surely. I will.
>
> On Mon, Feb 13, 2023 at 9:01 PM Greg Stein <gst...@gmail.com> wrote:
> >
> > 1. JohnDoe submits a PR, and somebody on the PMC flips the bit to allow GHA
> > to run now and in the future.
> > 2. BlackHat steals JohnDoe's credentials
> > 3. BlackHat submits a PR to mine crypto. GHA starts running before any
> > human can stop it.
> >
> > Explain how to correct that in your ticket.
> >
> > Cheers,
> > -g
> >
> >
> > On Mon, Feb 13, 2023 at 1:56 PM Jarek Potiuk <ja...@potiuk.com> wrote:
> >>
> >> I will raise a ticket and explain.
> >>
> >> But this would be a huge blow to the Airflow community and almost
> >> immediate burn-out of the active committers if it goes live for
> >> Airflow. And likely many other projects.
> >>
> >> I am very strongly convinced it should not be enforced.
> >>
> >> J.
> >>
> >> On Mon, Feb 13, 2023 at 8:51 PM Daniel Gruno <humbed...@apache.org> wrote:
> >> >
> >> > To Project PMCs:
> >> >
> >> > GitHub for Apache projects is currently set to allow a non-committer
> >> > contributor to use GitHub Actions if a previous pull request by that
> >> > person has been approved.
> >> >
> >> > This has raised some security concerns, and could cause issues with
> >> > overall use and availability of GitHub Actions.
> >> >
> >> > The Infrastructure Team proposes to change the default to "always
> >> > require approval for external contributors". We intend to make this
> >> > change on Sunday the 19th of March, 2023.
> >> >
> >> > This change will apply to all GitHub repositories that do not already
> >> > have a specific GitHub Actions policy set.
> >> >
> >> > Projects that have a strong desire to use the "only need approval first
> >> > time" option should communicate that, explaining their reasons, in a
> >> > Jira ticket for Infra. Please be as specific as you can in which
> >> > repositories you wish to have this option set for, should you choose to.
> >> >
> >> > With regards,
> >> > Daniel, on behalf of the ASF Infrastructure Team.