Daniel Richard G.

Thanks, I'm not a fan of making things any more complex than they need to be. And it's especially important here, since transparency is ultimately the whole point. I was...

> Exactly with that in mind it would be helpful to see an overview of your supposed workflow. It would ease identifying all the moving parts. The overview is up...

Polling Google is a whole different ballgame. Every five minutes would be fine then. It's an issue with Debian because they're a shoestring operation. I can leave out the e-mail...

> Mainly the bus factor that arises from the need to register at some third-party service. Nothing requires that one person hang onto the login credentials. That could be stored...

After further investigation, I've encountered some obstacles with the approach I had in mind: * The [ProxiedMail](https://proxiedmail.com/) service makes it possible for a received e-mail message to trigger a webhook....

> If being up to date is really a concern it can run every 10 minutes for all I care, but generally (also for security releases) I refer to the...

The docs don't do a good job of delineating between "free" and "unlimited," but I found a [reference](https://github.blog/2022-06-01-github-team-or-free-how-to-choose-the-right-plan/) on the GitHub blog that clarifies "GitHub Actions are unlimited for public...

> @iskunk Would it be possible to subscribe to the debian-security mailing list as a means of checking if stable has a new release? I'm not sure how different that...

> Could you somehow use workflow artifacts for that? They're an even worse fit. Artifacts are great for when your workflow has some specifically associated output, like a compiled binary...

Okay, I've finally gotten something out the door: #349 Please have a look over it, and let me know if you have any questions/comments/concerns. One thing I'd like to update...