megamorf's comments

Why is that horrific? To me it sounds like something desirable. Religion is a personal matter, as such it should not infringe on public spaces.


Let's say I have a religion that, as part of practicing it, restricts my diet.

If I try to make you - a non-practitioner - eat that diet, then your reply makes sense. It's a personal matter; I don't get to force it on you or anyone else.

But if you try to remove the option of me being able to get food that fits my diet out in public? Don't try to justify that by saying "religion is a personal matter". That's an absurd rationale.


> Let's say I have a religion that, as part of practicing it, restricts my diet.
>
> If I try to make you - a non-practitioner - eat that diet, then your reply makes sense. It's a personal matter; I don't get to force it on you or anyone else.

In the UK, it's becoming increasingly difficult to find restaurants whose meat is not halal. One could argue that a religious diet is in fact being forced upon those who do not practise Islam.


Have you seen any stats? I'm surprised to hear this.


The proposals go far beyond that - restrictions on clothing and jewelry and even cafeterias making food options available.


As far as this is - it’s not far enough.


How does praying infringe on a public space? Does it leave behind wrappers? Hurt the local wildlife? Ruin the watershed?

Should we ban people quietly playing musical instruments in public spaces too? Perhaps people walking? Certainly people reading books - they could be religious books or even, gasp, depict sex.


> How does praying infringe on a public space?

Out of memory, it is oftentimes Muslims praying in the middle of a road or pathway to block other people for no reason other than being obnoxious. And then as a reaction they will get this stupid law.


The exfiltrated environment variables contained these entries:

```
"POSTGRESQL_DATABASE": "(CENSORED)",
"POSTGRESQL_HOST": "(CENSORED)",
"POSTGRESQL_PASSWORD": "(CENSORED)",
"POSTGRESQL_USER": "(CENSORED)",
```


Sure, but connections from these worker machines shouldn’t be allowed directly to the database.


The security researcher noticed that CodeRabbit runs linters against your code base and noticed that Rubocop was among the provided linters. Rubocop supports extensions that contain custom code, so he crafted an extension that exfiltrated the environment variables of the running Rubocop process when it linted the contents of his PR.


But where does the configuration for Rubocop come from? From CodeRabbit (e.g. you configure it on their server for your repo), from the repository or (new) config files in the PR?


Both the repo and new config in the PR.
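The thread above describes a linter loading custom extension code named in a config file that the pull request itself can supply. The following is an added example, not CodeRabbit's or RuboCop's own code: a pre-lint gate that reads a `.rubocop.yml` as it would arrive in a PR and refuses to run the linter unless every `require:` entry is a pre-approved gem and no configuration is inherited from a remote URL. The sample configs, the cop path and the `example.invalid` host are constructed for the example.

```ruby
# Added example (not CodeRabbit's or RuboCop's own code): a pre-lint gate that
# reads a .rubocop.yml as it would arrive in a pull request and reports anything
# that would make the linter load or fetch code the CI operator did not choose.
require "yaml"

# Constructed sample configs, labelled as such; the cop path and the remote
# config URL are invented for the example.
SAFE_CONFIG = <<~YAML
  require:
    - rubocop-rails
    - rubocop-performance
  AllCops:
    TargetRubyVersion: 3.2
YAML

RISKY_CONFIG = <<~YAML
  require: ./lib/cops/leak_env.rb
  inherit_from:
    - .rubocop_todo.yml
    - https://example.invalid/shared_rubocop.yml
YAML

# A plain gem name: letters, digits, "-", "_" and "."; anything with a path
# separator or a .rb suffix is a local file that RuboCop would `require`.
GEM_NAME = /\A[a-z0-9][a-z0-9_\-.]*\z/i

def local_code?(entry)
  entry.include?("/") || entry.end_with?(".rb") || !entry.match?(GEM_NAME)
end

# Findings grouped by category; an empty value means nothing was found.
def audit_rubocop_config(yaml_text, allowed_gems)
  config = YAML.safe_load(yaml_text) || {}
  requires = Array(config["require"]).map(&:to_s)      # RuboCop accepts a string or a list
  inherits = Array(config["inherit_from"]).map(&:to_s)
  {
    local_requires:  requires.select { |r| local_code?(r) },
    unknown_gems:    requires.reject { |r| local_code?(r) || allowed_gems.include?(r) },
    remote_inherits: inherits.select { |i| i.start_with?("http://", "https://") },
  }
end

# The gate: lint only when every require is a pre-approved gem and no config
# is pulled from a remote URL.
def safe_to_lint?(yaml_text, allowed_gems)
  audit_rubocop_config(yaml_text, allowed_gems).values.all?(&:empty?)
end

if __FILE__ == $PROGRAM_NAME
  allowed = %w[rubocop-rails rubocop-performance]
  [["safe", SAFE_CONFIG], ["risky", RISKY_CONFIG]].each do |label, text|
    verdict = safe_to_lint?(text, allowed) ? "lint" : "refuse"
    puts "#{label}: #{verdict} #{audit_rubocop_config(text, allowed)}"
  end
end
```

The allowlist is the operator's list of extension gems already installed on the worker; a PR that asks for anything else is refused rather than silently honoured, which keeps the decision about what code runs inside the linter with the platform and not with the PR author.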


Howon, you can stop posting that canned response. It's not helping the discussion in any way and matches the lack of detail the other commenters have pointed out.


Never heard of the product and just had a look at the landing page. Immediately spotted a typo :D

> On Mac, Window and Linux

should be

> On Mac, Windows and Linux


Well that's embarrassing, that's been there for literal years.

At least the icons are right!


Shouldn’t it be macOS?


Apple would say that, but I think most Mac users would say Mac. I know I think so and I've been a lifelong user.


Space goes after the comma, not in front of it.


Seconded, it’s really irritating


Doesn't this effectively render corporate CAs useless?


Another comment mentioned [0]. Enterprise and people running a private CA can set "security.pki.certificate_transparency.disable_for_hosts" to disable CT for certain domains (plus all their subdomains).

I just hope they automatically disable it for non-public TLDs, both from IANA and RFC 6762.

[0] https://wiki.mozilla.org/SecurityEngineering/Certificate_Tra...
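The comment above relies on a host list that exempts "certain domains (plus all their subdomains)" from CT. The following is an added example, not Firefox's code: a sanity check an enterprise can run over such a list before rolling it out, with the subdomain matching done label by label so that `notcorp.example.com` is not covered by `corp.example.com`. It assumes, which the page does not state, that the list is supplied as a comma-separated string of hostnames; the hostnames are constructed.

```ruby
# Added example (not Firefox's own code): a sanity check for the host list an
# enterprise would hand to a "disable CT for these hosts and their subdomains"
# setting. Assumption, not stated on the page: the list is a comma-separated
# string of hostnames. All hostnames below are constructed.

# Normalise a raw list: trim, lowercase, drop a trailing dot and empty entries.
def parse_host_list(pref_value)
  pref_value.split(",").map { |h| h.strip.downcase.chomp(".") }.reject(&:empty?)
end

# Label-based matching: a host is covered if it equals an entry or sits under
# it, so "notcorp.example.com" is not covered by "corp.example.com".
def ct_disabled_for?(host, hosts)
  h = host.strip.downcase.chomp(".")
  hosts.any? { |entry| h == entry || h.end_with?(".#{entry}") }
end

# Names that can never be public: the RFC 2606 reserved TLDs plus "local"
# from RFC 6762.
NON_PUBLIC_TLDS = %w[test example invalid localhost local].freeze

def non_public_host?(host)
  NON_PUBLIC_TLDS.include?(host.downcase.chomp(".").split(".").last)
end

# Review a list: a bare TLD would switch CT off for far more than one
# corporate zone, and entries under a non-public TLD are worth a second look
# because no public CA can issue for them anyway.
def review_host_list(pref_value)
  hosts = parse_host_list(pref_value)
  {
    hosts: hosts,
    too_broad: hosts.select { |h| h.split(".").size < 2 },
    non_public: hosts.select { |h| non_public_host?(h) },
  }
end

if __FILE__ == $PROGRAM_NAME
  puts review_host_list("corp, intranet.local, intranet.example.com").inspect
end
```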


> Doesn't this effectively render corporate CAs useless?

All of the browsers ignore transparency for enterprise roots. To determine which is which, the list of actual public roots is stored separately in the CA database, listed in chrome://certificate-manager/crscerts for Chrome and listed as a "Builtin Object Token" in Firefox's Certificate Manager.


No, it just makes any CA accountable for all the certs they issue.


I was confused by the title because when my bubble talks about Vale they mean this:

https://github.com/errata-ai/vale


There is also https://project-everest.github.io/vale/, which is a programming language used in formal verification.

I was slightly confused when I first read the title as well :)


Unfortunately, it leaves a lot to be desired. I've actually had to do a fair bit of GH access reporting myself recently and I can recommend the GraphQL API as it allows you to properly list direct and indirect permissions on repositories (org + team + direct collaborator) that are a lot harder to do with the REST API due to its inconsistent permissions model.


IME, the problem with the GraphQL API is that it does a poor job of indicating where permissions came from, and you have to fall back to bad heuristics.

For example, if team="company" has "READ", and team="company/dev" has "WRITE", and Bob is in team="company/dev" but not team="company", then Bob will have both "READ" and "WRITE" because of his membership in team="company/dev"; the API will give no indication that the "READ" indirectly came from team="company".

Also, the permissions that the PAT needs in order for GraphQL to even list those things is excessive.

Anyway, here's my audit script for such things: https://github.com/datawire/collaborators


That's actually incorrect. Check out this query: https://gist.github.com/megamorf/9c105ac9cc13a93b5449a7b683d...

I have added two output examples. One for when you only want to find users that have been directly assigned to a repo (DIRECT) and one that shows how their roles and team memberships decide what permissions they have on a repo.


If they've fixed it in the last 5 months, then hooray.


Having write already implies that you have read; it's not something related to being in a team with read, it's just that write always gives you read. The permission levels are pull (read), triage (read + issues/PRs), push (read + write), maintain, and admin.


> Having write already implies that you have read

Yes, but if it's just being implied then it won't list "READ" separately in the "permissionSources", it will just list "WRITE".
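The sub-thread above is about the GraphQL `collaborators` connection and its `permissionSources`. The following is an added example, not megamorf's gist and not the datawire/collaborators script: the query in question, plus the reduction step an access review needs (effective level, every grant strongest-first, and the source the effective level is attributed to), run against a constructed response so it works offline. Field names follow GitHub's published GraphQL schema; the logins, team slugs and repository name are invented, and the response mirrors the Bob scenario described above.

```ruby
# Added example (not megamorf's gist, nor the datawire/collaborators script):
# the GraphQL query this thread is about, plus the reduction step an audit
# needs, run against a constructed response so it works offline. Field names
# follow GitHub's schema; logins, team slugs and the repo name are invented.
require "json"

COLLABORATORS_QUERY = <<~GRAPHQL
  query($owner: String!, $name: String!, $affiliation: CollaboratorAffiliation!, $cursor: String) {
    repository(owner: $owner, name: $name) {
      collaborators(first: 100, after: $cursor, affiliation: $affiliation) {
        pageInfo { hasNextPage endCursor }
        edges {
          node { login }
          permission
          permissionSources {
            permission
            source {
              __typename
              ... on Organization { login }
              ... on Team { slug }
              ... on Repository { name }
            }
          }
        }
      }
    }
  }
GRAPHQL

# Variables for one page; "DIRECT" lists only users added to the repo by hand,
# "ALL" includes org and team grants.
def query_variables(owner, name, affiliation: "ALL", cursor: nil)
  { "owner" => owner, "name" => name, "affiliation" => affiliation, "cursor" => cursor }
end

# Constructed response in the shape the API returns: Bob gets WRITE through the
# nested team and READ through its parent, Alice is a direct admin.
SAMPLE_RESPONSE = JSON.parse(<<~JSON)
  {"data": {"repository": {"collaborators": {
    "pageInfo": {"hasNextPage": false, "endCursor": null},
    "edges": [
      {"node": {"login": "bob"}, "permission": "WRITE",
       "permissionSources": [
         {"permission": "READ",  "source": {"__typename": "Team", "slug": "company"}},
         {"permission": "WRITE", "source": {"__typename": "Team", "slug": "company-dev"}}
       ]},
      {"node": {"login": "alice"}, "permission": "ADMIN",
       "permissionSources": [
         {"permission": "ADMIN", "source": {"__typename": "Repository", "name": "widgets"}}
       ]}
    ]}}}}
JSON

# Ordering used to pick the strongest grant; higher levels include the lower ones.
RANK = { "NONE" => 0, "READ" => 1, "TRIAGE" => 2, "WRITE" => 3, "MAINTAIN" => 4, "ADMIN" => 5 }.freeze

def source_label(src)
  case src["__typename"]
  when "Organization" then "org:#{src['login']}"
  when "Team"         then "team:#{src['slug']}"
  when "Repository"   then "repo:#{src['name']}"
  else "unknown"
  end
end

# One collaborator -> effective level, every grant strongest-first, and the
# single source an access review should attribute the effective level to.
def summarize_edge(edge)
  grants = (edge["permissionSources"] || [])
           .map { |s| [s["permission"], source_label(s["source"])] }
           .sort_by { |perm, _| -RANK.fetch(perm, 0) }
  {
    login: edge.dig("node", "login"),
    effective: edge["permission"],
    grants: grants.map { |perm, label| "#{perm} via #{label}" },
    strongest_source: grants.first&.last,
  }
end

def audit_collaborators(response)
  edges = response.dig("data", "repository", "collaborators", "edges") || []
  edges.map { |e| summarize_edge(e) }
end

if __FILE__ == $PROGRAM_NAME
  audit_collaborators(SAMPLE_RESPONSE).each do |row|
    puts "#{row[:login]}: #{row[:effective]} (#{row[:grants].join(', ')})"
  end
end
```

For a real run, POST `COLLABORATORS_QUERY` with `query_variables(...)` to the GraphQL endpoint, loop while `pageInfo.hasNextPage` is true, and feed each page to `audit_collaborators`. The weaker grants are kept in the output on purpose: when the strongest source is removed, the next entry in `grants` is what the user keeps.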


I've also been working on a similar tool -- working towards open-sourcing it too. Would you be interested in taking a look? paul.quenra at conductorone com


I believe you might have a typo in your mail? Just making sure you're not missing out on something useful :)


Thank you -- can't edit it anymore, but paul.querna (spelled my own name wrong)


Nice, do you have anything you can share?

