Matt

> * Missing noun: `The attacker can now see [???] stored in the repository` > * Content - explain more explicitly how the victim's signatures are misused (or if that's...

> If a jj repo finds that it contains it's own secure config path, should it complain loudly or behave any differently? There's good reason to do such a thing...

@yuja Would you like to take this? Or should I give it to another reviewer? It's tangentially related to the secure config design in that it relies upon the existence...

`tool_map` already has a transition to `cfg=exec` ([source](https://github.com/bazelbuild/rules_cc/blob/2128347b4ee2024536016ee4a28b7d3a98260f46/cc/toolchains/tool_map.bzl#L57-L65)). I think it should be safe to just replace exec with target.

My assumption was that your situation would end up with bazel configuring a seperate set of toolchains for each of your remote execution platforms, so you'd get: * macos exec...

Could this be fixed in bazel itself? I imagine a solution would be to just not deduplicate toolchains. Would there be a significant performance implication of this? Or maybe we...

I was able to come up with a pretty reasonable solution for rules_toolchains that would be just as applicable here. It's similar to the approach that @keith got working, except...

Tests appear to be broken, but LGTM otherwise

Our internal CI is complaining that `//docs:toolchain_api_diff_test` is failing. I would assume you updated the docs in starlark, but didn't regenerate them or something?

I'm not a fan of the flags `--rewrite`, `--in-place` and `--isolate`. I feel like if I read the name of them I wouldn't be able to work out what it...