Posted to dev@poi.apache.org by GitBox <gi...@apache.org> on 2022/04/16 23:27:34 UTC

[GitHub] [poi] nathannaveen opened a new pull request, #325: chore: Set permissions for GitHub actions

nathannaveen opened a new pull request, #325:
URL: https://github.com/apache/poi/pull/325

   - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
   
   https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
   
   https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
   
   [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
   
    Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
   
   Signed-off-by: nathannaveen <42...@users.noreply.github.com>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


[GitHub] [poi] pjfanning commented on pull request #325: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.
pjfanning commented on PR #325:
URL: https://github.com/apache/poi/pull/325#issuecomment-1100848020

   @nathannaveen thanks for drawing attention to this setting. I read https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and this seems to suggest that 'none' is the default - isn't that better than granting 'read' - since nothing in this yml file needs the github token?




[GitHub] [poi] nathannaveen commented on pull request #325: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.
nathannaveen commented on PR #325:
URL: https://github.com/apache/poi/pull/325#issuecomment-1107857790

   > @nathannaveen thanks for drawing attention to this setting. I read https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and this seems to suggest that 'none' is the default - isn't that better than granting 'read' - since nothing in this yml file needs the github token?
   
   I agree, and have updated the permissions to none by the recommended syntax from https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs#overview.


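As an added illustration (this is not the apache/poi workflow changed in PR #325, whose contents this page does not show), here are the two settings the thread compares side by side: a workflow with no `permissions` key, where the GITHUB_TOKEN receives whatever the repository or organisation default grants, and the same workflow with the `permissions: {}` syntax that GitHub documents for giving the token no scopes at all. The second document also includes a hypothetical `report` job to show how one job re-grants only the scopes it needs at job level. The workflow name, the build command and the `report` job are assumptions for the example.

```yaml
# Added example, not project code. Two copies of one workflow, separated by
# a YAML document marker.

# --- Before: no `permissions` key. The GITHUB_TOKEN inherits the repository
# or organisation default, which may be read/write on every scope. A step
# compromised via a malicious dependency or a pwn-request could then push,
# edit issues or publish packages with that token.
name: build          # assumed workflow name
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: ./gradlew build   # assumed build command
---
# --- After: workflow-level default of no scopes. The token is still issued,
# but any API call made with it is refused, so a compromised step gains
# nothing from it. Jobs that do not set `permissions` inherit this.
name: build
on: [push, pull_request]

permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    # No step here calls the GitHub API, so the empty grant is kept.
    # If checkout fails under `{}` (for example on a private repository),
    # add `contents: read` for this job only; do not widen the workflow.
    steps:
      - uses: actions/checkout@v3
      - run: ./gradlew build

  # Hypothetical job that genuinely needs the token: grant the minimum here,
  # at job level. Every scope not listed stays at none.
  report:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v3
      - run: ./scripts/post-review-comment.sh   # hypothetical script
```

The check a reviewer can apply to any workflow file is the one pjfanning applied above: if nothing in the file uses the token, the top-level key should be `permissions: {}` rather than a read grant, and any scope beyond that should appear on the specific job that uses it, next to the step that needs it.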


[GitHub] [poi] asfgit closed pull request #325: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #325: chore: Set permissions for GitHub actions
URL: https://github.com/apache/poi/pull/325

