potiuk commented on pull request #6087: URL: https://github.com/apache/skywalking/pull/6087#issuecomment-751483570
> 1. INFRA is making sure the action is secure, and doesn't include write operations.

This is not happening now. INFRA is not involved in review of the actions. And some of those actions actually perform write operations.

> 2. Airflow and SkyWalking are in the same foundation, we are just 2 groups of people interested in different tech directions, but basically, we are sharing branding (ASF) and source code IPs.

The problem is that I (nor any of the committers/PMCs of Airflow), we are not reviewing all the commits in those repos. I simply cloned someone else's action repo (in this case it is mine, so I am pretty sure I know what I am doing but there are other actions that aren't mine). So I just cloned the repo. In my case, I am reviewing only the particular commit I am referring to in 'apache-airflow' but someone could add malicious code in any of the previous commits - I have no physical possibility to review all that code, but I want to keep the history so that I can bring new changes, review and switch to new versions.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
