Michael>Has there been a clear statement as to why the restrictions are in Michael>place?
They say "for security reasons". Michael>seems like the restriction is rather pointless. My feeling exactly :-( I guess someone submitted something like https://julienrenaux.fr/2019/12/20/github-actions-security-risk/#the-problem as a security issue to the ASF, and it triggered the wave :-( I guess they mentioned that tag-based and branch-based action references like AdoptOpenJDK/install-jdk@v1 could silently change (e.g. git force push), and the action would silently capture secrets or even push something to the ASF repository. Vladimir
