brew Remove third-party actions (where possible)

Remove third-party actions (where possible)

Open MikeMcQuaid opened this issue 1 year ago • 8 comments

Verification

[X] This issue's title and/or description do not reference a single formula e.g. brew install wget. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/new/choose instead.

Provide a detailed description of the proposed feature

We should avoid third-party, unofficial GitHub Actions where possible, particularly those that do simple things like gh can do in a one-liner (e.g. opening a pull request)

What is the motivation for the feature?

Improving the security profile of Homebrew

How will the feature be relevant to at least 90% of Homebrew users?

It won't be.

What alternatives to the feature have been considered?

Doing nothing
Creating more of our own actions
Doing a security audit of our actions

CC @Homebrew/security folks for thoughts here too.

May 28 '24 08:05 MikeMcQuaid

brew brew copied to clipboard

Remove third-party actions (where possible)

Verification

Provide a detailed description of the proposed feature

What is the motivation for the feature?

How will the feature be relevant to at least 90% of Homebrew users?

What alternatives to the feature have been considered?

brew
brew copied to clipboard