Follow

I was looking at CI options for GitHub and the actions available for scp'ing a file:

github.com/marketplace?type=ac

This is Russian roulette. I tried auditing three of these options and either they use some shifty copy of openssh or I just can't trust all of their indirection layers. How do people trust these things?!

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves. A STEM-oriented instance.

An inclusive free speech instance.
All cultures and opinions welcome.
Explicit hate speech and harassment strictly forbidden.
We federate with all servers: we don't block any servers.