nchammas commented on PR #54216: URL: https://github.com/apache/spark/pull/54216#issuecomment-4909787397
Ah, looks like it was an issue with the `pull_request_target` trigger. Thanks for the reference. That page links to [this one](https://cwiki.apache.org/confluence/display/INFRA/GHA-dangers+of+pull_request_target), and though I have an old Confluence account that's still active, I get a "Page Not Found". Is it a permissions issue, or is that link broken for you too? I would like to follow-up with ASF INFRA about this as [their current docs](https://cwiki.apache.org/confluence/spaces/BUILDS/pages/321719166/GitHub+Actions+Security#GitHubActionsSecurity-Dangerousworkflows) suggest the labeler workflow may be OK as long as nothing else uses the `pull_request_target` trigger and workflow does not execute user code. Is it OK with you if I contacted INFRA about this on behalf of the project? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
