Michael Macnair

Ah sorry I wasn't clear, the data.json is meant to be an example of static data that the policy refers to, as opposed to the input document. I just didn't...

More generally it would be handy to have a machine readable form of the requirements. These could be used to generate the markdown tables in the spec.

> This might also be useful also for providing a corpus when using structure-aware fuzzing. This is my use case as well. I'd like to benefit from the wonderfully clean...

gometalinter is [being deprecated](https://github.com/alecthomas/gometalinter/issues/590) in favour of golangci-lint.

Thanks Andrew. fwiw you don't need to use `` or similar - just have a container of some type with the id set, e.g. a div.

> which is only possible if they can push to the origin, right Not necessarily, the P0 post describes both workflows that operate on issues in a project and also...

I think the main constraint is the [permitted org config](https://github.com/glassechidna/actions2aws/blob/a078e9daffcba0f31f9ac4e564d61f602722b5b8/api/api.go#L94)?

> Right now it's possible by changing trigger event to "push" instead of "pull_request" and switching scan policy to blocking mode And for GitLab, it looks like it's not possible...

> Just like you wanted your initial scan to be a full scan, we suspect almost everyone else does too. In my case I don't really want special magic so...

If my reading of the [MAC implementation](https://github.com/mozilla/sops/blob/afd073a5be0fe2232d7cd345b9b30edc70ccb962/sops.go#L306) is right, the current mechanism is encrypt-and-MAC, which [isn't as robust](https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac) as an encrypt-_then_-MAC approach. So solving this would have two security benefits...