Comment by buildfocus

1 day ago

How could it possibly hurt?

For trusted publishing, it's not a band-aid, it's a significant improvement that kills an entire class of CI takeover publish attacks. I'm sure attackers will find another way but it's a big gap this is closing up.