Robert Pająk

Results 363 comments of Robert Pająk

Can you please make sure that the PAT does not allow editing the GitHub Releases? As far as I know, the Write permission (even fine-grained for Contents scope) also gives...

One more reference: [Supply Chain Attacks via GitHub.com Releases](https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/)

@codeboten This is a good idea 👍 Then we would just need (in Collector and Collector Contrib repos) something that would detect if something publishes an unwanted release. For instance,...

> Still the PAT could be used to create tags

It would be enough to add a `*` [tag protection rule](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules).

> it wouldn't include any artifacts (beyond source zip/tar files)

Then the PAT could be used to edit the releases and add malicious artifacts 😢

> at that point we can start issuing fine-grained PATs with write access to a single repo for those who want to grant write permission to @opentelemetrybot.

The fine-grained PAT...

@zasweq Do you mean that the test passed for you on `main`?

@zasweq I have the same problem on `main`. I just had to add `context.Background()` to `interop.` calls. EDIT: I created https://github.com/grpc/grpc-go/pull/6971

I think it may be worth sharing with you the OpenTelemetry semantic conventions (they are experimental, but there is nothing better) for telemetry produced for RabbitMQ:

- https://opentelemetry.io/docs/specs/semconv/messaging/messaging-spans/
- ...