Chris Czub

I got it to build by disabling the warning for now: `SConstruct:` ``` -envbloomd_with_err = Environment(CCFLAGS = '-std=c99 -D_GNU_SOURCE -Wall -Wextra -Werror -O2 -pthread -Isrc/bloomd/ -Ideps/inih/ -Ideps/libev/ -Isrc/libbloom/') +envbloomd_with_err =...

I think it has something to do with the swapchain frame buffer and maybe a race condition in the sync objects. I'm running against commit `c16898e3` of `gfx-rs`.

I verified that Lokathor's code works. I think it's definitely something in the synchronization logic, but haven't given it too close a read.

I got the idea about SCOPE rules from a snippet in the Upvote docs: https://github.com/google/upvote/blob/master/docs/santa_sync.md > Policy Syncing > Santa supports three different policy types: > > WHITELIST: Allow execution...

I didn't realize the preflight request had support for delivering path-based whitelists. How does this interact with the paths defined in the plist?

FYI -- I've tested this with federacy/scan-action and it seems to work just fine. It's kind of an issue for our deployment as we're relying on Salus to run Semgrep...

@ghbren I've implemented all your feedback, thanks. I think the CircleCI tests didn't run originally because of a permissions thing with first-time PR requesters.

@ghbren my best guess is that it's related to this: https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#configuring-required-approval-for-workflows-from-public-forks

@ghbren are you able to manually trigger them somehow? Or maybe force pushing to the branch will help?

Has there been any update from GitHub? Are you able to manually trigger the checks to run or check the settings for PRs from public forks?