mike-jumper commented on PR #811: URL: https://github.com/apache/guacamole-client/pull/811#issuecomment-1482987620
> Ok, looks like it is indeed only the first time that the workflow needs to be approved. So long as the build itself can somehow be guaranteed to not be able to impact the repository, the runner it runs on, etc., then this is probably OK as long as we can always manually stop the build. If there is any possibility that the build could be used maliciously, then implicit approval for follow-up builds would be deal-breaking IMHO. It would be far too easy for someone to open a PR, await approval of that PR's build, and then push new and malicious changes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
