Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
README: Talk about security issues
See original GitHub issueHaving set up cachix on travis before, I had to face the following questions:
- Can someone who creates a PR (i.e. anyone) modify the build instructions to extract the private key to cachix?
- Can someone who creates a PR (i.e. anyone) modify the build instructions to upload something to the cache that is not actually the result of the derivation.
- Can someone who can commit to
mastermodify the build instructions to extract the private key to cachix? - Can someone who can commit to
mastermodify the build instructions to upload something to the cache that is not actually the result of the derivation.
Maybe the answers are obvious if you know GitHub Actions better than I do, but I would still appreciate a brief discussion of who I am trusting if I using this Github Action. Thanks!
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
"security-README", proposed standard for open source repos
A security ReadMe file should be in all open source commits. It provides guidelines on how to contact projects about security issues, or...
Read more >security/README.md
Report a Vulnerability. We're extremely grateful for security researchers and users that report vulnerabilities to the etcd Open Source Community.
Read more >Security Alert False Positives - Readme examples - GitLab
The Security Dashboard reports a Critical alert for a benign README example. What is the expected correct behavior? The Security Dashboard, and ...
Read more >README File – Everything you Need to Know - Great Learning
A README file is a text file that describes and launches a project. It comprises information that is frequently needed to grasp the...
Read more >README_: Contact Information, Journalists, and Overview
README is a publication covering the issues, ideas and people shaping the future of ... Experts say various motives underlie these incidents but...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
See #42 and let me know if that needs further clarification.
I agree. I will make cache creation more streamlined in a month or so. Thank you for the feedback!