Securing the Git push pipeline: Responding to a critical remote code execution (github.blog) 10 points|by samtrack2019|4h ago|1 comment|Read full story on github.blog
But what about allowing user inputs in trusted fields,
Or allowing switching environments per request, on inputs from users
Or allowing requests in a user context to access storage from another
Or storing everything in plaintext on a node that everything can access
Or not validating user inputs
Or...
Its not a success story.