> On 20. 3. 2025, at 23:12, John Thurston <john.thurs...@alaska.gov> wrote: > > And since I know that ISC has projects at GitHub, and I suspect that ISC > projects would be a big, fat, juicy target for code injection, I feel like I > gotta ask . . Is ISC willing to weigh in and say if their projects may have > been affected, or if credentials for their projects may have been exposed?
We don't use GitHub as primary platform and we push only public branches to GitHub as read-only mirrors. I do run some extra checks on GitHub (like CodeQL and SonarCloud because of the integrations), but this was the first time I've ever heard about tj-actions in my life. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
signature.asc
Description: Message signed with OpenPGP
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
