On 01.06.2026 19:24, Jean-Baptiste Kempf via ffmpeg-devel wrote:
This is particularly dangerous. This makes the CI prone to injection to files from random people.
Nothing stops people from doing the exact same thing right now anyway, by simply adding a new CI step that wgets whatever sample they like.
So I don't see what's dangerous about it. It changes nothing. I also don't see what's dangerous about it in general.Worst someone can do is make CI fake-green, but if they wanted that, they could just modify the workflow directly and make it return always-green. The entire CI lives inside of the repo and runs from inside of the PR after all.
OpenPGP_0xD85AAA6874B7507E.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
