Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin the cpython_autoconf container to a sha256 manifest #70

Closed
sethmlarson opened this issue Nov 9, 2023 · 0 comments · Fixed by #79
Closed

Pin the cpython_autoconf container to a sha256 manifest #70

sethmlarson opened this issue Nov 9, 2023 · 0 comments · Fixed by #79

Comments

@sethmlarson
Copy link
Collaborator

The container hasn't needed an update in 2 years. I propose pinning the container image used by the release process to the sha256 manifest instead of the tag in order to prevent any compromise there from being automatically used during the release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@sethmlarson