Carlos Meza

Here is a better list of what to filter for under `github.event`, https://securitylab.github.com/research/github-actions-untrusted-input/

I closed it because it was very incomplete and requires a lot of changes. If there is interest, I can investigate a more elegant solution. Right now, I am using...

I think this PR, #455, makes a solution to this issue easier to implement.

Is this related to #373 ?

This was not an escaping issues, it was a trailing new line in the example manifest. I submitted a PR, #454, to update the manifest. I am not sure if...

I would say leave the default http for both size and not baking in `certificate-ca`. But I would love to see this as an option that can be toggled.

Yeah, the size is not a huge difference. And yes, I was incorrect. `ca-certificates` is recommended not depends. ``` ~$ apt show apt-transport-https Package: apt-transport-https Version: 1.2.24 ... = 1.1~exp15),...

As a user of `goss` I like the idea of moving to a goss-org in GitHub. Though, I think the challenge of finding available co-maintainers still stands. :(

I agree that solely moving the repo to an org does not address the concerns that [mbainter](https://github.com/mbainter) brings up: * > the possibility that the fledgling community that has started...

FWIW I think an empty str would be good, in the event that is what the user wants to allow. If an empty str is not valid, in v6.1 the...