Comment by orlp
10 hours ago
No it doesn't have security implications.
If you are insecure because someone has had one of their otherwise completely innocent PRs merged into your repo... you are insecure, period.
10 hours ago
No it doesn't have security implications.
If you are insecure because someone has had one of their otherwise completely innocent PRs merged into your repo... you are insecure, period.
What you are describing is exactly a security implication.
Security isn't a binary "secure/insecure". You can be more or less secure than something.