
README: Talk about security issues


Having set up cachix on travis before, I had to face the following questions:

  • Can someone who creates a PR (i.e. anyone) modify the build instructions to extract the private key to cachix?
  • Can someone who creates a PR (i.e. anyone) modify the build instructions to upload something to the cache that is not actually the result of the derivation?
  • Can someone who can commit to master modify the build instructions to extract the private key to cachix?
  • Can someone who can commit to master modify the build instructions to upload something to the cache that is not actually the result of the derivation?

Maybe the answers are obvious if you know GitHub Actions better than I do, but I would still appreciate a brief discussion of who I am trusting if I use this GitHub Action. Thanks!
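An added example, not from the issue or from the cachix-action project, of one way to keep the signing key out of PR builds so that only trusted pushes to master can push to the cache. It assumes the cachix-action inputs `name`, `signingKey` and `skipPush`, and a repository secret named `CACHIX_SIGNING_KEY` (the cache name and secret name are placeholders).

```yaml
# Added example (not the issue's or cachix-action's own workflow): the cache
# signing key is only usable in the job run for a push to master.
name: build
on:
  push:
    branches: [master]
  # 'pull_request' runs triggered from forks receive no repository secrets at
  # all; runs from branches inside the repository do. The expressions below
  # withhold the key in both cases. 'pull_request_target' would expose secrets
  # to PR-controlled workflow code and is deliberately not used here.
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@v20
      - uses: cachix/cachix-action@v12
        with:
          name: example-cache   # placeholder cache name
          # Only a push to master gets the key; PR builds still read from the
          # cache as a substituter but cannot push anything to it.
          signingKey: ${{ github.event_name == 'push' && secrets.CACHIX_SIGNING_KEY || '' }}
          skipPush: ${{ github.event_name != 'push' }}
      - run: nix-build
```

Anyone who can commit to master can still edit this file and read the key, so branch protection with required reviews on the workflow file, plus periodic key rotation, is the control for that case.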

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

domenkozar commented, Apr 24, 2020 (1 reaction)

See #42 and let me know if that needs further clarification.

domenkozar commented, Jan 15, 2020 (1 reaction)

I agree. I will make cache creation more streamlined in a month or so. Thank you for the feedback!
