Long battle
Posted Mar 24, 2025 2:12 UTC (Mon) by buck (subscriber, #55985)
In reply to: Long battle by cen
Parent article: Julien Malka proposes method for detecting XZ-like backdoors
I'm not sure I understand exactly, but GitHub Actions themselves seem to be bringing more supply-chain concerns to the party:
https://github.com/advisories/GHSA-mrrh-fwg8-r2c3
So, in terms of "CI worker" trustworthiness, it's turtles all the way down.
(Not that I am asserting you said it wasn't.)