Thanks for explaining the Jenkins security model. Matt> which can write to ASF infrastructure that I know of are all in the Matt> websites node which have scripts and such explicitly to secure its use Matt> case (mostly via the .asf.yaml config options for your site branch).
I am afraid I do not follow you. An arbitrary script (e.g. one of the Maven plugins) can write to ASF repositories when it runs at website node. It sounds like a much more significant issue than GitHub Action. Vladimir
