Johannes Meixner

Results 667 comments of Johannes Meixner

Also from my side I welcome @didacog as a ReaR maintainer.

I consider this as done. If not, reopen it with further information.

@pcahyna I will have a look regarding "restrict workflow runs for contributors". I think in case of doubt I prefer to be better too restrictive than too permissive.

At https://github.com/rear/rear/settings/actions under ``` Fork pull request workflows from outside collaborators ``` I changed now the current setting ``` Require approval for first-time contributors Only first-time contributors will require approval...

A different topic regarding GitHub Actions: At https://github.com/rear/rear/settings/actions in the section ``` Workflow permissions ``` in the sub-section ``` Choose whether GitHub Actions can create pull requests or submit approving...

Unfortunately at https://github.com/rear/rear/settings/actions there is only the one choice ``` Allow GitHub Actions to create and approve pull requests ``` that can be enabled or disabled as a whole. The...

Because in case of doubt I prefer to be better too restrictive than too permissive I disabled now ``` Allow GitHub Actions to create and approve pull requests ``` on...

Regarding GitHub Actions that produce so-called "binaries" from our ReaR sources like RPM packages which could be installed by users, see my initial description here https://github.com/rear/rear/issues/3130#issue-2083394287 Right now I...

By chance I noticed CVE-2025-30066 e.g. see https://github.com/advisories/GHSA-mrrh-fwg8-r2c3 which proves that using GitHub Actions is a generic security risk for GitHub projects. I have no idea if ReaR might be...

I am in particular interested how far each of the Docker images is trustworthy which are referenced in tools/run-in-docker as ``` # Define the list of supported images declare -r...