#3130 Issue open
: Are all our GitHub Actions safe?¶
Labels: discuss / RFC
, ReaR Project
jsmeix opened issue at 2024-01-16 09:12:¶
By chance I noticed
I know basically nothing about GitHub Actions
so I can neither check nor verify whether or not
all those GitHub Actions that are run for ReaR are safe.
In particular I worry about those GitHub Actions
that produce so called "binaries" from our ReaR sources
like RPM packages which could be installed by users.
Is it safe for our users to install
those "binaries" on their systems?
Will those "binaries" always contain only our
unmodified ReaR sources (i.e. same as "git clone")
or might those "binaries" contain modified ReaR sources?
[Export of Github issue for rear/rear.]