
Having both is really where things are at. That way you can verify that the tools being used for the build aren't doing something behind your back and that the code that you see is what you're getting.


GitHub Actions encourages using mutable references for “workflows”, so the inputs used during the build process can change before and after the build.

That seems like an obvious vector for doing something behind your back.



