>I will watch for abuse. Thank you for the response.
Technically speaking, first-time contributors would need manual approval for executing CI anyway, so we don't need to constantly monitor pull requests for cryptominers and things like that.

Just wondering: are the others silent because they are busy or are they silent because they are not sure of the consequences?

I would like to mention that the policy summarizes the most important best practices for using GitHub Actions in a secure manner, and we should follow it no matter what. For example, we need to be careful when modifying CI configuration (e.g. .github/.../*.yml files) since merging some changes (e.g. pull_request_target option) might expose secrets.

Vladimir