You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the public IP has no domain, and therefore no ability to do HTTPS.
Therefore, GitHub has to send the WebHook secret in plain text, and it can (maybe, theoretically?) be sniffed.
So we should probably only allow running benchmarks on branches and tags, not arbitrary commits (as GitHub stores a fork’s PR commits in the parent repo)
The text was updated successfully, but these errors were encountered:
Currently, the public IP has no domain, and therefore no ability to do HTTPS.
Therefore, GitHub has to send the WebHook secret in plain text, and it can (maybe, theoretically?) be sniffed.
So we should probably only allow running benchmarks on branches and tags, not arbitrary commits (as GitHub stores a fork’s PR commits in the parent repo)
The text was updated successfully, but these errors were encountered: