Comment by staticassertion
3 days ago
I assume this is because it is modeled after git tags, and at this point it would be a major change to move away from this. But it should probably get started at some point.
3 days ago
I assume this is because it is modeled after git tags, and at this point it would be a major change to move away from this. But it should probably get started at some point.
GitHub has an opt-in option to enforce immutable tags as part of immutable releases.
https://docs.github.com/en/code-security/concepts/supply-cha...
Nice, yeah I think they should start to migrate to that behavior by default.