wu-sheng commented on pull request #6087:
URL: https://github.com/apache/skywalking/pull/6087#issuecomment-751484090


   > This is not happening now. INFRA is not involved in review of the actions. And some of those actions actually perform write operations.
   
   Yes, I know they haven't. I mean, all these things are related to this purpose :)
   
   > The problem is that I (more any on the committers/PMCs of Airflow) we are not reviewing all the commits in those repos. I simply cloned someone else's action repo (in this case it is mine, so I am pretty sure I know what I am doing but there are other actions that aren't mine). So I just cloned the repo, In my case, I am reviewing only the particular commit I am referring to in 'apache-airflow' but someone could add malicious code in any of the previous commits - I have no physical possibility to review all that code, but I want to keep the history so that I can bring new changes, review and switch to new versions.
   
   We (SkyWalking) are only using the `cancel` task for now, so, I could say this is safe, right :). That is my point of now doing a duplicated clone, specifically for this case.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

