| ▲ | cyberclimb 13 hours ago | |
The actions/checkout repo still doesn't even use immutable releases so I'll believe it when I see it | ||
| ▲ | mmarian 13 hours ago | parent [-] | |
Yes, it's maddening. Especially since it's a fair amount of effort to move to commit SHA pinning and establish a good maintenance/monitoring process around it; if I knew it would be adopted quickly, I could argue that people should just wait and accept temporary risk. | ||