“We learned that 32% of the actions in the top starred list were, in fact, unpinnable. This discovery implies that if you pin actions used by your workflows, there’s a high chance the pinning doesn’t provide the protection you think it does. Attackers could still have inroads to run malicious code in your pipeline.”
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
“Why three webs?
* The web of names is convenient and easy to use
* The web of UUIDs allows us to track content that changes with time
* The web of hashes (SHA1) allows total precision in managing content”
https://joearms.github.io/published/2015-03-12-The_web_of_names.html
“The biggest problem we have is we've conflated two things. We've said the idea that I attach to this thing that lasts over time is the thing that lasts over time.”
https://www.flyingmachinestudios.com/programming/the-unofficial-guide-to-rich-hickeys-brain/