eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/explanation
History
Erich Blume e1429fc3e7 Document Spork Attack supply-chain risk 
Upstream can push workflows (in .github/ or .forgejo/) that execute
on our runners via any trigger mechanism including cron. Runner label
mismatch is the current defense but is fragile. No complete fix exists
short of disabling Actions entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 08:16:09 -07:00
..
agent-change-process.md Restructure docs: consolidate, recategorize, and extract 2026-03-15 19:55:59 -07:00
architecture.md Remove unused Mosquitto MQTT broker from ringtail 2026-03-11 18:37:31 -07:00
federated-login.md Deploy Mealie recipe manager (#299) 2026-03-16 21:59:10 -07:00
security-model.md Fix frontmatter field name for Quartz date display (#158) 2026-02-11 16:45:12 -08:00
spork-strategy.md Document Spork Attack supply-chain risk 2026-03-29 08:16:09 -07:00
why-gitops.md Review why-gitops doc (#184) 2026-02-13 16:48:06 -08:00