kou commented on PR #49735: URL: https://github.com/apache/arrow/pull/49735#issuecomment-4249391012
> We did stop pinning hash specifically for those due to the policy not requiring pinning sha for non external actions, see: #48327 > > @kou what are your thoughts on this? I want to use `@vX` for `actions/*` because the ASF GitHub Actions policy allows it. (See also the PR #48327 description.) But we need to pin SHA for other actions such as `msys2/*` and `r-lib/*`. How about pinning only other actions? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
