Eric Le Lay
Eric Le Lay
Not tested, but code looks good. Thanks!
Call me paranoid but I'm not confident entrusting a private token to a 3rd party app. public_repo | Limits access to public repositories. That includes read/write access to code, commit...
Yes it is intended to be used to open a PR, but it is consumed by an unspecified version (`@latest`) of the app, which then calls an [unspecified version of...
> > Yes it is intended to be used to open a PR, but it is consumed by an unspecified version (`@latest`) of the app, which then calls an [unspecified...
> We could also reference the SHA of a specific commit (https://docs.github.com/en/actions/creating-actions/about-custom-actions#using-a-commits-sha-for-release-management). Then its impossible for an attacker to takeover the tag or branch and publish malicious code. This might...
Indeed the exe they provide is not the same one. - Our sha256 (as advertised on the [release page](https://github.com/gpodder/gpodder/releases/tag/3.11.0) and verified locally): 89a85604b5c664f53e1bd0eb8a0a1ed185b7f7de6482e040657dd516e23c6fa4 - Their sha256: 2b83e31f74c13d8b32831fe82f799cf72dd36402adac46b09dc3020157dde010
Please try our version. It doesn't have this bug!
closing since it's been pending for years. Please reopen if relevant
would it make sense to release an unstable ppa from master ?
There is https://github.com/gpodder/gpodder/blob/master/tools/test-auth-server.py that you can run on your desktop