On 10/6/21 10:20 pm, Charles R Harris wrote:
Hi All,

There is a pending PR <https://github.com/numpy/numpy/pull/19198> that uses keywordlabeler <https://github.com/marketplace/keywordlabeler> to automatically label PRs and issues. Installing the app requires giving it write permissions to PRs and issues. This isn't different than with the current labeler, but I note that we don't have a procedure for deciding such issues that may have security implications. So I am posting here before proceeding with app installation.

Thoughts?

Chuck


If there was a way to pin these actions to a hash tag, that would be better; at the least it should pin to a version. We already use third-party actions in the GitHub workflow: checkout and setup-python (both specifying a "version" via "@v2"), and larsoner/circleci-artifacts-redirector-action@master (hmm, that should pin to a version).


Matti
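
An added example, not part of the original thread or of NumPy's own tooling: a small Python check that reports how each `uses:` reference in a workflow file is pinned, covering the cases mentioned above (a version tag such as `@v2`, a branch such as `@master`, and a full commit hash). The function names, the sample workflow and the placeholder SHA are assumptions made for illustration.

```python
import re

# Matches a step's "uses:" value, e.g. "- uses: owner/repo@ref".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"v?\d+(\.\d+)*")


def classify_ref(ref):
    """Return how strongly a ref pins the action's code."""
    if FULL_SHA_RE.fullmatch(ref):
        return "commit-sha"      # immutable: the code cannot change under this ref
    if VERSION_RE.fullmatch(ref):
        return "version-tag"     # a tag the action's owner can move to other code
    return "branch-or-other"     # e.g. master: follows every new commit


def audit_workflow(text):
    """List (action, ref, pin_kind) for each third-party action in a workflow."""
    findings = []
    for target in USES_RE.findall(text):
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, sep, ref = target.partition("@")
        findings.append((action, ref, classify_ref(ref) if sep else "unpinned"))
    return findings


# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
      - uses: larsoner/circleci-artifacts-redirector-action@master
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for action, ref, kind in audit_workflow(SAMPLE):
        print(f"{kind:16} {action}@{ref}")
```

Anything reported as `version-tag` or `branch-or-other` can start running different code without a change to the workflow file; only the `commit-sha` form fixes the exact code that runs.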

_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@python.org
https://mail.python.org/mailman/listinfo/numpy-discussion
