dave2wave commented on issue #719: URL: https://github.com/apache/tooling-trusted-releases/issues/719#issuecomment-3947603554
In reviewing the code it is hard to tell if in every case the `project_name`, `version`, and `revision` is always validated first. If not then other "bad" things could happen before arriving in `atr/attestable.py`. The solution is to look at every place these values come in to assure that they are validated at the "front door". If we truly want to check here then errors should throw an error with a stack trace and be "fatal". -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
