This has nothing to do with trusting packages; it’s about delegating publishing ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		woodruffw on April 21, 2023 \| parent \| context \| favorite \| on: Introducing 'Trusted Publishers' This has nothing to do with trusting packages; it’s about delegating publishing authority to a service like GitHub Actions.

verdverm on April 21, 2023 [–]

How do you know that what the action is doing is trustworthy?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact