I was looking at CI options for GitHub and the actions available for scp'ing a file:

github.com/marketplace?type=ac

This is Russian roulette. I tried auditing three of these options and either they use some shifty copy of openssh or I just can't trust all of their indirection layers. How do people trust these things?!

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.