Jon BanafatoWhy is it that I keep seeing "everyone should pin their GitHub Actions versions to a SHA because that's the secure way to do it" and not "GitHub should build tooling that creates and manages Actions lockfiles by default"? Am I just missing that version and only seeing the former one boosted?
Shawn Wilsher@jonafato That's because we all know getting GitHub to implement features like that is near impossible 😅
@sdwilsh To quote the hit 1993 film Super Mario Bros.:
Nothing's impossible, Mario. Improbable, Unlikely, but never impossible.