After reading through this GitHub Action hardening guide posted in the Emacs Reddit community:
https://www.reddit.com/r/emacs/comments/1rowm5i/comment/o9hxc10/

I find myself increasingly intrigued by @liw's https://ambient.liw.fi/

The CI should have no permissions! None!

Lock the runner in a box and kill it when it's done.

@alienghic Thank you, I try to keep security first in my mind, and not compromise it knowingly.

Come to my talk at the foss-north conference in Gothenburg, April 27-28. I am giving a talk about Ambient and Radicle CI. Ahem.

#AmbientCI #FossNorth2026 #CI #Security